Overview
overview
8Static
static
3Onn Setup2...08.exe
windows10-2004-x64
8$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
1$PLUGINSDI...zU.dll
windows10-2004-x64
3CommFunc.dll
windows10-2004-x64
1DLL3S_UsbA...32.dll
windows10-2004-x64
3DLL3S_UsbA...64.dll
windows10-2004-x64
1DLL3S_UsbA...32.dll
windows10-2004-x64
3DLL3S_UsbA...64.dll
windows10-2004-x64
1Driver/CommFunc.dll
windows10-2004-x64
1Driver/DIFxAPI.dll
windows10-2004-x64
1Driver/DIFxCmd.exe
windows10-2004-x64
1Driver/HHT...tr.sys
windows10-2004-x64
1Driver/Mou...vi.sys
windows10-2004-x64
1Driver/devcon.exe
windows10-2004-x64
1Driver/x64...PI.dll
windows10-2004-x64
1Driver/x64...md.exe
windows10-2004-x64
1Driver/x64...ve.bat
windows10-2004-x64
1Driver/x64...up.bat
windows10-2004-x64
5Driver/x64/HHTHid.sys
windows10-2004-x64
1Driver/x64...tr.sys
windows10-2004-x64
1Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64...id.exe
windows10-2004-x64
8Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64/devcon.exe
windows10-2004-x64
1DrvInDll.dll
windows10-2004-x64
1DuiLib.dll
windows10-2004-x64
3HidServ.dll
windows10-2004-x64
1HookDLL.dll
windows10-2004-x64
1KbDaemon.exe
windows10-2004-x64
1Analysis
-
max time kernel
91s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 22:17
Static task
static1
Behavioral task
behavioral1
Sample
Onn Setup20240320V1.0.0.8.08.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/BgWorker.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsNiuniuSkin.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsis7zU.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
CommFunc.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
DLL3S_UsbAudio16xx_Debug_x32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
DLL3S_UsbAudio16xx_Debug_x64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DLL3S_UsbAudio16xx_x32.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
DLL3S_UsbAudio16xx_x64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Driver/CommFunc.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
Driver/DIFxAPI.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Driver/DIFxCmd.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Driver/HHTHidMouFiltr.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Driver/MouFiltr_Evi.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Driver/devcon.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Driver/x64/DIFxAPI.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Driver/x64/DIFxCmd.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Driver/x64/Driver_Remove.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
Driver/x64/Driver_Setup.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Driver/x64/HHTHid.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
Driver/x64/HHTHidMouFiltr.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Driver/x64/HidFiltr_Evi.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
Driver/x64/InstallDriver_HHTHid.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Driver/x64/KbFiltr_Evi.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Driver/x64/MouFiltr_Evi.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Driver/x64/devcon.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
DrvInDll.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
DuiLib.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
HidServ.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
HookDLL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
KbDaemon.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
HidServ.dll
-
Size
42KB
-
MD5
19cfb1ba0fe750d30daefa7ee5a58a9f
-
SHA1
423330915d96d3530c0cf3fa4cdb62d0117d5242
-
SHA256
7f511e25c92f465c81fb3629eecab79ac7ea506413ff32003b370a4787b724d9
-
SHA512
373306858c0547ddcaafef332c0cf8b018469cd3f4a8b480c4051f4da1d6b3439b2f1be52bbf8a2b38e515767d2b38ab1f6db2ff4e84ff1f8e2598dc96fb5c57
-
SSDEEP
768:X1avQg88rk/mJzNwAy5/c9WZXx5xutrhNb1ut:X1hgPQAy5/c8ZBv2rjb1M
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2660 wrote to memory of 1364 2660 rundll32.exe 86 PID 2660 wrote to memory of 1364 2660 rundll32.exe 86 PID 2660 wrote to memory of 1364 2660 rundll32.exe 86