Overview

overview

3

Static

static

3

0db9ac0264...00.exe

windows7-x64

3

0db9ac0264...00.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

7z.dll

windows7-x64

3

7z.dll

windows10-2004-x64

3

7z.exe

windows7-x64

1

7z.exe

windows10-2004-x64

1

WeaselDeployer.exe

windows7-x64

1

WeaselDeployer.exe

windows10-2004-x64

1

WeaselServer.exe

windows7-x64

1

WeaselServer.exe

windows10-2004-x64

1

WinSparkle.dll

windows7-x64

1

WinSparkle.dll

windows10-2004-x64

1

curl.exe

windows7-x64

1

curl.exe

windows10-2004-x64

1

rime-insta...ig.bat

windows7-x64

1

rime-insta...ig.bat

windows10-2004-x64

1

rime-install.bat

windows7-x64

1

rime-install.bat

windows10-2004-x64

1

rime.dll

windows7-x64

1

rime.dll

windows10-2004-x64

1

start_service.bat

windows7-x64

1

start_service.bat

windows10-2004-x64

1

stop_service.bat

windows7-x64

1

stop_service.bat

windows10-2004-x64

1

weasel.dll

windows7-x64

1

weasel.dll

windows10-2004-x64

1

weasel.dll

windows7-x64

3

weasel.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinSparkle.dll

  • Size

    2.7MB

  • MD5

    63ef89eaaeaa9fc7dc8207c080181b1b

  • SHA1

    00b17c87f86857cde75f711849b892bdc6f77c75

  • SHA256

    f3c86101e041db5476c4d491ab1175bfac22a26ce41046551b283ad74df27718

  • SHA512

    4924994a885ccdc05475c476245355bec8c659ac993a0514a4e97e126ba787cddcaa597f019f666ccad896f7b892010d3b833610a923393eaaad5b8288a376e7

  • SSDEEP

    24576:Wbn+fbzelhSytKX9geCR4KpvSxVHxY81ciYxgFoOVU7DfyAed/jpmlM5D+3/il/N:Wbn+Iq9ge5KuVRY8KiY1+Aed/Qe5D+i

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinSparkle.dll,#1
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads