a77210dc3ae1df36cab033e2b52ca8c656bd5cbc5257a79220526f32f4bf5949 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Onn Setup2...08.exe

windows10-2004-x64

8

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

1

$PLUGINSDI...zU.dll

windows10-2004-x64

3

CommFunc.dll

windows10-2004-x64

1

DLL3S_UsbA...32.dll

windows10-2004-x64

3

DLL3S_UsbA...64.dll

windows10-2004-x64

1

DLL3S_UsbA...32.dll

windows10-2004-x64

3

DLL3S_UsbA...64.dll

windows10-2004-x64

1

Driver/CommFunc.dll

windows10-2004-x64

1

Driver/DIFxAPI.dll

windows10-2004-x64

1

Driver/DIFxCmd.exe

windows10-2004-x64

1

Driver/HHT...tr.sys

windows10-2004-x64

1

Driver/Mou...vi.sys

windows10-2004-x64

1

Driver/devcon.exe

windows10-2004-x64

1

Driver/x64...PI.dll

windows10-2004-x64

1

Driver/x64...md.exe

windows10-2004-x64

1

Driver/x64...ve.bat

windows10-2004-x64

1

Driver/x64...up.bat

windows10-2004-x64

5

Driver/x64/HHTHid.sys

windows10-2004-x64

1

Driver/x64...tr.sys

windows10-2004-x64

1

Driver/x64...vi.sys

windows10-2004-x64

1

Driver/x64...id.exe

windows10-2004-x64

8

Driver/x64...vi.sys

windows10-2004-x64

1

Driver/x64...vi.sys

windows10-2004-x64

1

Driver/x64/devcon.exe

windows10-2004-x64

1

DrvInDll.dll

windows10-2004-x64

1

DuiLib.dll

windows10-2004-x64

3

HidServ.dll

windows10-2004-x64

1

HookDLL.dll

windows10-2004-x64

1

KbDaemon.exe

windows10-2004-x64

1

Analysis

max time kernel
94s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 22:17

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Onn Setup20240320V1.0.0.8.08.exe

Resource

win10v2004-20240426-en

discovery persistence

windows10-2004-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

$PLUGINSDIR/BgWorker.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/nsNiuniuSkin.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/nsis7zU.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral6

Sample

CommFunc.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral7

Sample

DLL3S_UsbAudio16xx_Debug_x32.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral8

Sample

DLL3S_UsbAudio16xx_Debug_x64.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral9

Sample

DLL3S_UsbAudio16xx_x32.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral10

Sample

DLL3S_UsbAudio16xx_x64.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral11

Sample

Driver/CommFunc.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral12

Sample

Driver/DIFxAPI.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral13

Sample

Driver/DIFxCmd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral14

Sample

Driver/HHTHidMouFiltr.sys

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral15

Sample

Driver/MouFiltr_Evi.sys

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral16

Sample

Driver/devcon.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral17

Sample

Driver/x64/DIFxAPI.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral18

Sample

Driver/x64/DIFxCmd.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral19

Sample

Driver/x64/Driver_Remove.bat

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral20

Sample

Driver/x64/Driver_Setup.bat

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

120 seconds

Behavioral task

behavioral21

Sample

Driver/x64/HHTHid.sys

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral22

Sample

Driver/x64/HHTHidMouFiltr.sys

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral23

Sample

Driver/x64/HidFiltr_Evi.sys

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral24

Sample

Driver/x64/InstallDriver_HHTHid.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

9 signatures

120 seconds

Behavioral task

behavioral25

Sample

Driver/x64/KbFiltr_Evi.sys

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral26

Sample

Driver/x64/MouFiltr_Evi.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral27

Sample

Driver/x64/devcon.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Behavioral task

behavioral28

Sample

DrvInDll.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral29

Sample

DuiLib.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral30

Sample

HidServ.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

1 signatures

120 seconds

Behavioral task

behavioral31

Sample

HookDLL.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

120 seconds

Behavioral task

behavioral32

Sample

KbDaemon.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

120 seconds

Report Analysis Logs

General

Target

Driver/x64/HidFiltr_Evi.sys
Size

29KB
MD5

111d4505d71a92ddc2997ef6fbf6269f
SHA1

bdf2f64d0e66c89913e986fbf978cf372b1104af
SHA256

5d7627ffde70ba97437fd413b3c0be8fe5e46eab944c376245be0664ef4e83e8
SHA512

5e3b9db65d12db1635edc9dbf019606379e3ca870b68a0155a0d3a0a80e56115079a3f1252aa2d53536071ec20e868d7cdb88d0033aa064b7b0ebf2f1f4887d2
SSDEEP

384:EOAIj9ZzBoJLoPf0rl9c3jlPaknYPL6iUHeMZHoiWPFRWw2Ktkl9xhve:E9ABE+Gl9c3xPakhkHW18

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Driver\x64\HidFiltr_Evi.sys
1⤵
PID:3892
- C:\Users\Admin\AppData\Local\Temp\Driver\x64\HidFiltr_Evi.sys
  C:\Users\Admin\AppData\Local\Temp\Driver\x64\HidFiltr_Evi.sys
  2⤵
  PID:632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-0-0x0000000000010000-0x0000000000019000-memory.dmp

Filesize
36KB

Download

© 2018-2024

Terms | Privacy