a991a97f4c58a1f712d18abe64d3c377b915ffa5dda963190711f8a9d82c58d9

Resubmissions

10-05-2023 00:40

230510-a1fvrafd5y 7

26-04-2023 00:05

230426-adcjtaff9z 7

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2023 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Redragon_K552RGB-1_Mechanical_Keyboard.exe
Size

5.8MB
MD5

d72e60caa7e65e1e8d309870c0d8f25c
SHA1

ccd98d2da47c8f30365d4f54fa13897f05cbda50
SHA256

a991a97f4c58a1f712d18abe64d3c377b915ffa5dda963190711f8a9d82c58d9
SHA512

a98733a9239b2f427134d7b950b06f6deedb91dd1897243617f64f5b6a541e7087831cf522799a72e2b4d80781805bcb62321777c40ab84c9869feea09f8e1b8
SSDEEP

98304:/ow1bvsnWVMVpLgmrI+8nOXM7PflY9Tb5ievxBKk1kj1x:/BsfpLHI+3WG5Eep9kj1x

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4848	ISBEW64.exe

Loads dropped DLL 8 IoCs

pid	Process
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe
1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 4848	1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe	83
PID 1748 wrote to memory of 4848	1748	Redragon_K552RGB-1_Mechanical_Keyboard.exe	83

C:\Users\Admin\AppData\Local\Temp\Redragon_K552RGB-1_Mechanical_Keyboard.exe
"C:\Users\Admin\AppData\Local\Temp\Redragon_K552RGB-1_Mechanical_Keyboard.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E9AA5C10-0097-4225-B27C-238738D17136}
  2⤵
  - Executes dropped EXE
  PID:4848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\_Setup.dll

Filesize
153KB

MD5
7d0a617a8820e4615d3af7012938214c

SHA1
625dc413c271403512e77cbc15eac534a78b5522

SHA256
f8ccb1f1bf5c6d066056c67644b43b561f994a909f2d0d4c53071016f2dccd1e

SHA512
67c3e2c71c07022575e92ad0038e95dd1899311f680fe7dd7296a2dddb2e4235a8b5962e4b00679992917e3a93fa719337f8f5ec317d1fe493d992e4f27b2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\_Setup.dll

Filesize
153KB

MD5
7d0a617a8820e4615d3af7012938214c

SHA1
625dc413c271403512e77cbc15eac534a78b5522

SHA256
f8ccb1f1bf5c6d066056c67644b43b561f994a909f2d0d4c53071016f2dccd1e

SHA512
67c3e2c71c07022575e92ad0038e95dd1899311f680fe7dd7296a2dddb2e4235a8b5962e4b00679992917e3a93fa719337f8f5ec317d1fe493d992e4f27b2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\_Setup.dll

Filesize
153KB

MD5
7d0a617a8820e4615d3af7012938214c

SHA1
625dc413c271403512e77cbc15eac534a78b5522

SHA256
f8ccb1f1bf5c6d066056c67644b43b561f994a909f2d0d4c53071016f2dccd1e

SHA512
67c3e2c71c07022575e92ad0038e95dd1899311f680fe7dd7296a2dddb2e4235a8b5962e4b00679992917e3a93fa719337f8f5ec317d1fe493d992e4f27b2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7407EDA1-2EA2-4288-9E0E-21BDD2D35AA2}\setup.ini

Filesize
518B

MD5
a8205272bf9fc388990573541b17d61a

SHA1
0d07b7d41e6f73a41de8d78191640362a7c4a3f3

SHA256
d51862f4eb722609936cc29588297c6bfa278464e6f8bfcc575d4a332026819f

SHA512
db6d995ec54fbd336d7855e7772f44605aa89d4a25d810570a3da98242f55aeb2e052e516951402c4ee7e73c8a94fc2bbeae23af62934817b8e89fb08c6711d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\ISBEW64.exe

Filesize
114KB

MD5
2a276ba2b7782476302c59d0f760f4bc

SHA1
43bbb884a7b65534c417ae5a3f3f17f7e80e2f7d

SHA256
d3294cc8c750c4bd63016e87e9d2c53a501c173567f4edb9a3c6f1bd9836064a

SHA512
6bed8d3291ed422aed187637838bfb957ea59c772be3bc52c12242474712f411e174afe55ed6955b910a8ce3635f1552260063cf6db428a4e34bc76a4e3e01f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\ISBEW64.exe

Filesize
114KB

MD5
2a276ba2b7782476302c59d0f760f4bc

SHA1
43bbb884a7b65534c417ae5a3f3f17f7e80e2f7d

SHA256
d3294cc8c750c4bd63016e87e9d2c53a501c173567f4edb9a3c6f1bd9836064a

SHA512
6bed8d3291ed422aed187637838bfb957ea59c772be3bc52c12242474712f411e174afe55ed6955b910a8ce3635f1552260063cf6db428a4e34bc76a4e3e01f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\VASData.ini

Filesize
30B

MD5
b16ff78e4420d4049da82fffe3026d31

SHA1
612be1fde59d3d4534a4d8e0947b65060ed6146b

SHA256
029f695d7a558a0070bdb42c07d35c7ae436fbd0688079b7ada58093505d9579

SHA512
8042f5a1f12ef644b7def42c52c90a252ff4a6c099956530cff8147daf2edd8934f5bc79bb560f550d47755fead71a1d0fbe7d52fdc0fb30a0ad64471beaaf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\_IsRes.dll

Filesize
545KB

MD5
936570437cdd944172b100e677603523

SHA1
97e56b29733846d4ffef7791830f3e9ae355783a

SHA256
682e00f308be80c69172b0e7d76f2ed555b7838be7b7f61774687aa1cdf1ce8b

SHA512
d357c39570079e2ce64c0affb0c33b46033c41244df9812e69b7bff7cc75287ea103bbe27dc7ae775b41d4a2dc0fe1088ad04369b6b435dbdb5ef70145ab9df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\_IsRes.dll

Filesize
545KB

MD5
936570437cdd944172b100e677603523

SHA1
97e56b29733846d4ffef7791830f3e9ae355783a

SHA256
682e00f308be80c69172b0e7d76f2ed555b7838be7b7f61774687aa1cdf1ce8b

SHA512
d357c39570079e2ce64c0affb0c33b46033c41244df9812e69b7bff7cc75287ea103bbe27dc7ae775b41d4a2dc0fe1088ad04369b6b435dbdb5ef70145ab9df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\_IsRes.dll

Filesize
545KB

MD5
936570437cdd944172b100e677603523

SHA1
97e56b29733846d4ffef7791830f3e9ae355783a

SHA256
682e00f308be80c69172b0e7d76f2ed555b7838be7b7f61774687aa1cdf1ce8b

SHA512
d357c39570079e2ce64c0affb0c33b46033c41244df9812e69b7bff7cc75287ea103bbe27dc7ae775b41d4a2dc0fe1088ad04369b6b435dbdb5ef70145ab9df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\isrt.dll

Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\isrt.dll

Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\isrt.dll

Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D9F7C926-9617-48AB-8DC9-EB458F6086C6}\{A71AC821-8709-4EAD-96A4-47782176B1BB}\setup.inx

Filesize
227KB

MD5
0b751177573c8b6231c70e10a5b59599

SHA1
5488cc1e0560d6f52332b414bc6ab34bc39512d6

SHA256
b4b7711ef9dd7395985acc080d239c24892affb9dc846aca0c9fd66995f2693c

SHA512
b462691787403127a421b1a936cddfebc18cd1e55ed46575a1bf50bc45d32de0b9a1e6891c74bea877c2d7919fe37a726b32827b257bc3d2927d9666cf614eb3

Download Submit
memory/1748-233-0x00000000051F0000-0x0000000005279000-memory.dmp

Filesize
548KB

Download
memory/1748-228-0x0000000002320000-0x0000000002322000-memory.dmp

Filesize
8KB

Download
memory/1748-227-0x0000000004F40000-0x0000000004FC8000-memory.dmp

Filesize
544KB

Download
memory/1748-161-0x0000000000AA0000-0x0000000000AA2000-memory.dmp

Filesize
8KB

Download
memory/1748-160-0x00000000027A0000-0x000000000293A000-memory.dmp

Filesize
1.6MB

Download
memory/1748-260-0x00000000027A0000-0x000000000293A000-memory.dmp

Filesize
1.6MB

Download
memory/1748-261-0x0000000004F40000-0x0000000004FC8000-memory.dmp

Filesize
544KB

Download