Overview
Task (platform): score
overview: 6
static: 3
Wa0Desktop...op.exe (windows7-x64): 6
Wa0Desktop...op.exe (windows10-2004-x64): 6
Wa0Desktop...eb.dll (windows7-x64): 3
Wa0Desktop...eb.dll (windows10-2004-x64): 3
Wa0Desktop...in.dll (windows7-x64): 3
Wa0Desktop...in.dll (windows10-2004-x64): 3
Wa0Desktop...in.dll (windows7-x64): 3
Wa0Desktop...in.dll (windows10-2004-x64): 3
Wa0Desktop/stop.bat (windows7-x64): 1
Wa0Desktop/stop.bat (windows10-2004-x64): 1
Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 13-09-2024 20:47
Static task: static1
Behavioral task: Sample (Resource)
behavioral1: Wa0Desktop/Wa0Desktop.exe (win7-20240903-en)
behavioral2: Wa0Desktop/Wa0Desktop.exe (win10v2004-20240802-en)
behavioral3: Wa0Desktop/res/dlls/wa0web.dll (win7-20240903-en)
behavioral4: Wa0Desktop/res/dlls/wa0web.dll (win10v2004-20240802-en)
behavioral5: Wa0Desktop/res/plugin/timer/fsplugin.dll (win7-20240903-en)
behavioral6: Wa0Desktop/res/plugin/timer/fsplugin.dll (win10v2004-20240802-en)
behavioral7: Wa0Desktop/res/plugin/webClip/fsplugin.dll (win7-20240903-en)
behavioral8: Wa0Desktop/res/plugin/webClip/fsplugin.dll (win10v2004-20240802-en)
behavioral9: Wa0Desktop/stop.bat (win7-20240903-en)
behavioral10: Wa0Desktop/stop.bat (win10v2004-20240802-en)
General
Target: Wa0Desktop/res/dlls/wa0web.dll
Size: 64KB
MD5: 06644abecb8596af6c5b7c73027f2010
SHA1: 38f8880a8652825e8efb7674d6abb162b0cb1a66
SHA256: 4c6598c4de743cfaa536093f40b5c5fe65fbcbd0b0d2acd2000a965be62cbb7b
SHA512: 75be2dabf04b5f8a353a3e75cf0aecb794890248f6448af0852d5ac829502d70ddbd7ff5c4376d03c3e12d80f2c48308ecd68461627c60e860a8a1ed62f92a05
SSDEEP: 384:bLS5a8hFRjah/rzEMyppEJEECazf3SYpNZVMqfPxwUbsdgnt6QPcrr8t:4bRjc/rzE3pp1oL35pzVrfGUzvPY8
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2396 wrote to memory of 2696 | 2396 | rundll32.exe | 31 (7 identical entries)
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wa0Desktop\res\dlls\wa0web.dll,#1
- Suspicious use of WriteProcessMemory
PID: 2396
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wa0Desktop\res\dlls\wa0web.dll,#1
  - System Location Discovery: System Language Discovery
  PID: 2696