Overview
overview
7Static
static
3STYLEXP2.7.exe
windows7-x64
7STYLEXP2.7.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$SYSDIR/OEMLINK.htm
windows7-x64
1$SYSDIR/OEMLINK.htm
windows10-2004-x64
1$WINDIR/Re...JC.dll
windows7-x64
1$WINDIR/Re...JC.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...E4.dll
windows7-x64
1$WINDIR/Re...E4.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...ch.dll
windows7-x64
1$WINDIR/Re...ch.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...RT.dll
windows7-x64
1$WINDIR/Re...RT.dll
windows10-2004-x64
1$WINDIR/Re...le.dll
windows7-x64
1$WINDIR/Re...le.dll
windows10-2004-x64
1$WINDIR/Re...P4.dll
windows7-x64
1$WINDIR/Re...P4.dll
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
26/06/2024, 00:05
Static task
static1
Behavioral task
behavioral1
Sample
STYLEXP2.7.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral2
Sample
STYLEXP2.7.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$SYSDIR/OEMLINK.htm
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral8
Sample
$SYSDIR/OEMLINK.htm
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$WINDIR/Resources/Themes/DZVista YJC/DZVista YJC.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
$WINDIR/Resources/Themes/DZVista YJC/DZVista YJC.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$WINDIR/Resources/Themes/DZVista YJC/Shell/NormalColor/Shellstyle.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral12
Sample
$WINDIR/Resources/Themes/DZVista YJC/Shell/NormalColor/Shellstyle.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$WINDIR/Resources/Themes/LE4/LE4.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral14
Sample
$WINDIR/Resources/Themes/LE4/LE4.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$WINDIR/Resources/Themes/LE4/Shell/Black/shellstyle.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral16
Sample
$WINDIR/Resources/Themes/LE4/Shell/Black/shellstyle.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$WINDIR/Resources/Themes/LE4/Shell/BlackC/shellstyle.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
$WINDIR/Resources/Themes/LE4/Shell/BlackC/shellstyle.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$WINDIR/Resources/Themes/LE4/Shell/DefaultC/shellstyle.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral20
Sample
$WINDIR/Resources/Themes/LE4/Shell/DefaultC/shellstyle.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$WINDIR/Resources/Themes/LE4/Shell/NormalColor/shellstyle.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
$WINDIR/Resources/Themes/LE4/Shell/NormalColor/shellstyle.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$WINDIR/Resources/Themes/Olympic-Torch/Olympic-Torch.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral24
Sample
$WINDIR/Resources/Themes/Olympic-Torch/Olympic-Torch.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$WINDIR/Resources/Themes/Olympic-Torch/Shell/NormalColor/Shellstyle.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
$WINDIR/Resources/Themes/Olympic-Torch/Shell/NormalColor/Shellstyle.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$WINDIR/Resources/Themes/Redvista/Redvista_dzART.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral28
Sample
$WINDIR/Resources/Themes/Redvista/Redvista_dzART.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$WINDIR/Resources/Themes/Redvista/Shell/NormalColor/Shellstyle.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
$WINDIR/Resources/Themes/Redvista/Shell/NormalColor/Shellstyle.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$WINDIR/Resources/Themes/SlanXP4/SlanXP4.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral32
Sample
$WINDIR/Resources/Themes/SlanXP4/SlanXP4.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
$WINDIR/Resources/Themes/Olympic-Torch/Olympic-Torch.dll
-
Size
1.5MB
-
MD5
913ae4fac9527c6ac9c92270ef961730
-
SHA1
21f2dbabdc6820bec7be6849c37b7d27a8741558
-
SHA256
6c96cbe52ab09913830b7c2f55b7fedc699f12292f8ad56c604eb9bb7d68d18f
-
SHA512
efb566dfff3b8bd5c92a9c0e9221b89ddfe60a6f2371b404c20677ad245ea3d167a70d95a49fded57479de5b4ce9e584c033c71b6f5b9bca54f61eea4800e521
-
SSDEEP
12288:wBjsCVDdsfjsJ1jPBljsUdzWxxO4MqJ5bZKwVf9VcuFUBxL+Jinpjysgjkq3DuL1:lxTr5bMwVf9VxyBxE93G
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2856 wrote to memory of 2904 2856 rundll32.exe 28 PID 2856 wrote to memory of 2904 2856 rundll32.exe 28 PID 2856 wrote to memory of 2904 2856 rundll32.exe 28 PID 2856 wrote to memory of 2904 2856 rundll32.exe 28 PID 2856 wrote to memory of 2904 2856 rundll32.exe 28 PID 2856 wrote to memory of 2904 2856 rundll32.exe 28 PID 2856 wrote to memory of 2904 2856 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$WINDIR\Resources\Themes\Olympic-Torch\Olympic-Torch.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$WINDIR\Resources\Themes\Olympic-Torch\Olympic-Torch.dll,#12⤵PID:2904
-