Overview
overview
8Static
static
3Onn Setup2...08.exe
windows10-2004-x64
8$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
1$PLUGINSDI...zU.dll
windows10-2004-x64
3CommFunc.dll
windows10-2004-x64
1DLL3S_UsbA...32.dll
windows10-2004-x64
3DLL3S_UsbA...64.dll
windows10-2004-x64
1DLL3S_UsbA...32.dll
windows10-2004-x64
3DLL3S_UsbA...64.dll
windows10-2004-x64
1Driver/CommFunc.dll
windows10-2004-x64
1Driver/DIFxAPI.dll
windows10-2004-x64
1Driver/DIFxCmd.exe
windows10-2004-x64
1Driver/HHT...tr.sys
windows10-2004-x64
1Driver/Mou...vi.sys
windows10-2004-x64
1Driver/devcon.exe
windows10-2004-x64
1Driver/x64...PI.dll
windows10-2004-x64
1Driver/x64...md.exe
windows10-2004-x64
1Driver/x64...ve.bat
windows10-2004-x64
1Driver/x64...up.bat
windows10-2004-x64
5Driver/x64/HHTHid.sys
windows10-2004-x64
1Driver/x64...tr.sys
windows10-2004-x64
1Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64...id.exe
windows10-2004-x64
8Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64/devcon.exe
windows10-2004-x64
1DrvInDll.dll
windows10-2004-x64
1DuiLib.dll
windows10-2004-x64
3HidServ.dll
windows10-2004-x64
1HookDLL.dll
windows10-2004-x64
1KbDaemon.exe
windows10-2004-x64
1Analysis
-
max time kernel
98s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 22:17
Static task
static1
Behavioral task
behavioral1
Sample
Onn Setup20240320V1.0.0.8.08.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/BgWorker.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsNiuniuSkin.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsis7zU.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
CommFunc.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
DLL3S_UsbAudio16xx_Debug_x32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
DLL3S_UsbAudio16xx_Debug_x64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DLL3S_UsbAudio16xx_x32.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
DLL3S_UsbAudio16xx_x64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Driver/CommFunc.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
Driver/DIFxAPI.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Driver/DIFxCmd.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Driver/HHTHidMouFiltr.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Driver/MouFiltr_Evi.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Driver/devcon.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Driver/x64/DIFxAPI.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Driver/x64/DIFxCmd.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Driver/x64/Driver_Remove.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
Driver/x64/Driver_Setup.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Driver/x64/HHTHid.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
Driver/x64/HHTHidMouFiltr.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Driver/x64/HidFiltr_Evi.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
Driver/x64/InstallDriver_HHTHid.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Driver/x64/KbFiltr_Evi.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Driver/x64/MouFiltr_Evi.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Driver/x64/devcon.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
DrvInDll.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
DuiLib.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
HidServ.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
HookDLL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
KbDaemon.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/nsNiuniuSkin.dll
-
Size
896KB
-
MD5
1834fd72e6a7387749d014a30b53d6ac
-
SHA1
e6c51f9f578e86e376501fc08f6d80cfe11bdb52
-
SHA256
148cb136ff5ae9711ddb869b5f22065ee89e13eaf5081ce39c07dbe89ccd97b7
-
SHA512
c8247a7916c718311a0f458cbb2133d77e3950609bb2c4b9470a9a7725a1d4d595422fb8c3c42f34629fd045675c72b221fee26a5188b9df4a0f3099857ec204
-
SSDEEP
24576:/pIQCUFPxa+iDkpxMJIpgT62mQh8lZIn:oUFPxarJICm25oZE
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4884 wrote to memory of 2596 4884 rundll32.exe 83 PID 4884 wrote to memory of 2596 4884 rundll32.exe 83 PID 4884 wrote to memory of 2596 4884 rundll32.exe 83