Overview
overview
10Static
static
10WeChatSetup.exe
windows7-x64
4WeChatSetup.exe
windows10-2004-x64
4$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
1$PLUGINSDI...ll.dll
windows10-2004-x64
1$PLUGINSDI...st.dll
windows7-x64
3$PLUGINSDI...st.dll
windows10-2004-x64
3Uninstall.exe
windows7-x64
4Uninstall.exe
windows10-2004-x64
4$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
1$PLUGINSDI...ll.dll
windows10-2004-x64
1WeChat.exe
windows7-x64
10WeChat.exe
windows10-2004-x64
10WechatAppLauncher.exe
windows7-x64
1WechatAppLauncher.exe
windows10-2004-x64
1[3.9.9.43]...dk.dll
windows7-x64
1[3.9.9.43]...dk.dll
windows10-2004-x64
1host/wmpf_...rt.dll
windows7-x64
1host/wmpf_...rt.dll
windows10-2004-x64
1host/wmpf_...64.dll
windows7-x64
1host/wmpf_...64.dll
windows10-2004-x64
1runtime/Co...on.dll
windows7-x64
1runtime/Co...on.dll
windows10-2004-x64
1runtime/ConfSdk.dll
windows7-x64
1runtime/ConfSdk.dll
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
16-03-2024 10:26
Behavioral task
behavioral1
Sample
WeChatSetup.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
WeChatSetup.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsInstallAssist.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsInstallAssist.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Uninstall.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
Uninstall.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/WeChatInstallDll.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
WeChat.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
WeChat.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
WechatAppLauncher.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
WechatAppLauncher.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
[3.9.9.43]/ConfSdk.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
[3.9.9.43]/ConfSdk.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
host/wmpf_host_export.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
host/wmpf_host_export.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
host/wmpf_host_export_x64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
host/wmpf_host_export_x64.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
runtime/ComponentVerification.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral30
Sample
runtime/ComponentVerification.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
runtime/ConfSdk.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral32
Sample
runtime/ConfSdk.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
host/wmpf_host_export.dll
-
Size
1.8MB
-
MD5
557263e28dc6c1416cea8b43a9a47282
-
SHA1
bb2306ef4e99dc0b10aa8ab51bb2872ed2a5d45a
-
SHA256
d40ebacc2c08b72aa48dbe613ef2bc4cfe65bf0fcd63254239308fc4ae0eb226
-
SHA512
b8fd24c566d770a452ecb5d227ccfe2ae8afc37d1c797d064adda63ec34a606c3ac882b2a366e4828c5c4869e249e2cf9dd9852185d63da9ff4bfc6c71c3d686
-
SSDEEP
24576:e+JpOhdC4YyHBU8p4aolR7esO2YgdlnL6tO/MbcTuMilTfYR01Is0B2o5pvy82+f:kC4YyHBP4DesjgsYOmP0B1i+
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2692 wrote to memory of 2600 2692 rundll32.exe 28 PID 2692 wrote to memory of 2600 2692 rundll32.exe 28 PID 2692 wrote to memory of 2600 2692 rundll32.exe 28 PID 2692 wrote to memory of 2600 2692 rundll32.exe 28 PID 2692 wrote to memory of 2600 2692 rundll32.exe 28 PID 2692 wrote to memory of 2600 2692 rundll32.exe 28 PID 2692 wrote to memory of 2600 2692 rundll32.exe 28