Analysis Overview
SHA256
3fe0b7957368cdf72a550854e72e11d67fb15a1d49254da1d7d39d94ec5aa6fe
Threat Level: Shows suspicious behavior
The file MARVO M358 mouse setup.[20230506](1).exe was classified as: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks installed software on the system
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:54
Reported
2024-06-13 14:55
Platform
win10v2004-20240611-en
Max time kernel
15s
Max time network
7s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MARVO M358 mouse setup.[20230506](1).exe
"C:\Users\Admin\AppData\Local\Temp\MARVO M358 mouse setup.[20230506](1).exe"
C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp" /SL5="$401C2,3815441,314880,C:\Users\Admin\AppData\Local\Temp\MARVO M358 mouse setup.[20230506](1).exe"
C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe
"C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BE | 2.17.107.128:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.107.17.2.in-addr.arpa | udp |
Files
memory/2000-0-0x0000000000400000-0x0000000000457000-memory.dmp
memory/2000-2-0x0000000000401000-0x0000000000412000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-LPKIO.tmp\MARVO M358 mouse setup.[20230506](1).tmp
| MD5 | 2d3f134be86ce48cedc3c8e86b0f755f |
| SHA1 | b0b6aea277b45c26cdc233e771a73dfbe8d2c6a7 |
| SHA256 | f86e7565c99e293a352e04e40a8c13300042f7d7810dbe9573c51f71bc6f9f95 |
| SHA512 | c59d579aa59eb6ef63c6569cfe3385a85119665c7f629beace5e7b948625c5c0565b20909aa31e383c6d9a9a19cdb59300cbba9c87500c37c18c53cd1c47f7ab |
memory/1108-6-0x0000000000400000-0x000000000055D000-memory.dmp
C:\Program Files (x86)\MARVO M358 mouse\skins\is-S2IDM.tmp
| MD5 | aad3b6c3519f0a96f45c44df7694c776 |
| SHA1 | f38dde54b60aa11c6915a802e80f93bfa6bc82cc |
| SHA256 | 53a7d423b30c4c30ae5994c558d1b69acbdd4ab9dbf185e1b7d3d87984a5b113 |
| SHA512 | c6913e08b5f74eb1af6fe89a3f85353f1a55bf220e7571718689f6c3412b9d19bf94074e8995f4711e12b1bb92f4276816acca33e75e1405be88abeeaa6f184b |
C:\Program Files (x86)\MARVO M358 mouse\skins\0_INI_CN\macroReset\is-KROFC.tmp
| MD5 | 42823aa1d29e0f460838537530c27fdd |
| SHA1 | 67d9de2a2967d736e3e8406cdce3e449f308e6d6 |
| SHA256 | e294c86660c8ff04ce280624ac6c410f77243425314f984117af74f958ebd053 |
| SHA512 | 76499351d84030fa36d8e8eed6bc717091a731cf6ab1c412e772925ba3c3e8c2962ec5dc8b36352fe74bad90f1abc1f23f412d3a8b1a44919bca2bf806daec87 |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\is-5F3EE.tmp
| MD5 | c7ac194a9bdd758206ba8f27e692c28c |
| SHA1 | 124a02fee6a2d6798574798803d82930679787c4 |
| SHA256 | 0455836c75b4162aa336649a7a95871112203416d2ab7f82eae68fc48c1e3569 |
| SHA512 | ab3b037dd631c34238ff450c7c0cf2d1982097b83d0f69c82cc85bcdb0b1414ce12b4d1db82d4fb3c09e13cc1578520e0a2d24b385e867833de9382f1f170b77 |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\is-LN6OI.tmp
| MD5 | aaee3adafc19b031a0b02a5271b48ebd |
| SHA1 | 038becd522277cd8e8a1793c0a73d6d2303fb9d4 |
| SHA256 | 066ddaf8e913724736f1de771d9f39a023b4d8d831ac24774cc8fe99fce63c56 |
| SHA512 | 4bfe9554568a1d78d31a7d68c5d7e2f5e7adfcf01b9d90011aff9c6663c2bbdb305dfb57e6d58a9a888135a0aa8bdc3fbcae17dee2f30338b1da3987a444fc8f |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\is-VF1LE.tmp
| MD5 | fae15143f7faed50c175fe01bba808dc |
| SHA1 | 37aa85498eb63e99c6feb9e51a0b8e2e22657730 |
| SHA256 | ccb7fdbee0aac0de4c084a0ae2490e0f548220969621e2298d8bb62bea9ef8bc |
| SHA512 | 121a13638099a90b209a3c2250933d84b279727cdaa19db26fe543e414a87876d170a16cad220b67c880498fd7ab600744921dabf12aed2c45efeeb42d260d6a |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\macro\is-CFF5C.tmp
| MD5 | e86da7ca0068d0cb6c552ff1c2700142 |
| SHA1 | e22e96628eb87f3a52810709c66629071d83bc13 |
| SHA256 | dec4171891a954b8332ec53ffa4207c87c8b07789b12ec45946d80fd7bc25c28 |
| SHA512 | 02b2e3747bff0daa2a433327c28650978f93abb2c9dc0c86237c25f3839d0b0911ad4100a8f0522bd9023fe482d26a2977dccb108e0242c1933e04686eee78ab |
C:\Program Files (x86)\MARVO M358 mouse\skins\config\is-PE3DF.tmp
| MD5 | c92b3ad86ea108c600bdf97623b969b5 |
| SHA1 | 49f7bb9b16fa5177a5d2ccb3c61a933c26434632 |
| SHA256 | 35fd116a76366a0f1871fcf2c47e2fd1eeba0217928c7dc20390f42576892a2b |
| SHA512 | e49ae6e876cf2f535175d55ab69302fb9d240b5c28ddfad2c803c488a2ea1b4d3eedfc5754b7676da448ff71791eca0cc15d17443c31c2e08bb3fa1c3f226bd1 |
C:\Program Files (x86)\MARVO M358 mouse\skins\config\is-GBLTH.tmp
| MD5 | ed48dfcdf4f9d4c262302062547cc712 |
| SHA1 | 5ad9938e0e852700013a5dd24e1d7e08441e2305 |
| SHA256 | 3dac2542ef2df0fdd59fdf296bdd0c7751ecda0aa57a08839817ea303552914f |
| SHA512 | 1c0ec635e37223eb865cd8f7f18b913e319a9d4882ee43de7181250da6c4a9751ad24cf803857a5a92ace045aa024790303371a276ab0c86504ed471fa4a1cee |
C:\Program Files (x86)\MARVO M358 mouse\skins\config\font\is-KQ1ER.tmp
| MD5 | 5673da52c98bb6cb33ada5aaf649703e |
| SHA1 | a18dcbf99c8d2325c2fbf22a64e8cc28a0cf4d3b |
| SHA256 | 16466ef65064e6f3885a6d2806b8949ac1ac38b524dd0cf8fc96565eb4cc28e8 |
| SHA512 | 9728536f1e67069b4c44effc3245d81f61fb79c811a4bd2d3879f57eb220e475dfee0639dbecbe03f411aa8f1e2e84fc38a966ba38982b0b35e2b2a98549583a |
C:\Program Files (x86)\MARVO M358 mouse\skins\MacMenu\is-B3087.tmp
| MD5 | a4825f7ac8461d9d6a90b48475e97279 |
| SHA1 | ff0cb4769c829dfa48c0fa100bc6754ac1f7f6e5 |
| SHA256 | 097931238ce6757b72f26de221ea87cb22e655c61b88333664a91cad30bccd77 |
| SHA512 | 9e5ebdd7e1c9aae4e42f62cb224100637c564820473b05bbdbb0402731e8a4e3110cbc3974d07ca49633d8d6aa18e809ba7e66f361c2e3a204754a80bded2ce4 |
C:\Program Files (x86)\MARVO M358 mouse\skins\MacMenu\is-DSV9P.tmp
| MD5 | ff5ffd33126bd7470978578e03f59181 |
| SHA1 | 6d5156db80170e4847aa0132aaef9b50dcd452f9 |
| SHA256 | 6a0e0b77e36e91a685446b661a42d30910fc14d59efc30c6b85239845417817e |
| SHA512 | 741dbf9a1117a18df56fd9af65543051f7bdb768a4744d304107210f80a7172bfc54e51389b53034ef20896dce79d04c9b4ff4aeb3bd96b85cf09220a1e4c7db |
C:\Program Files (x86)\MARVO M358 mouse\skins\MacMenu\is-H6MBR.tmp
| MD5 | c0e4aa2df74b52c2ef0ffe0dc62f56f9 |
| SHA1 | 562da02df98b7450e08158fdbcf39e8edb6ecd5a |
| SHA256 | 26e89092509c27ce85d2e6202d7c1d1d9d50af0b0b9db48f258b1ec61dd48e16 |
| SHA512 | 85180b791897d483d51ec6b5993d5c6ddc725488fb37266d25bf67c86b02747153850b2c1f1dedda9f0c9d333c6215907e914a0a2a73027f5183631e241072ad |
C:\Program Files (x86)\MARVO M358 mouse\skins\MacMenu\is-RJA23.tmp
| MD5 | e29dd6b507260763c35791f38433ff06 |
| SHA1 | 7436aa9e48eb0fcfff167120441ff3a170bcbb8e |
| SHA256 | 980880feeb902f20a1477023e65dc2829a46dbe3cbc9648536005b19cc9297de |
| SHA512 | b0874ec1b17d96acd979911a5d35f886a0f31bdd5c52d0c3475543dd7017c82d5b4cc5fb07b5619383c0c9ed9c5605f10c4b93eea362f50b7cc644fdb4924445 |
C:\Program Files (x86)\MARVO M358 mouse\Gaming Mouse 3.0.exe
| MD5 | 48b5de558ed287d0e2e6ca61e510e83d |
| SHA1 | b1b4fe460c488f53a83ebb7fb8bd7abff9812661 |
| SHA256 | f736d1262582f031206bc30d0f3e6f528f92fe6cf64bd066ce7de7fc045c30ee |
| SHA512 | 9cb17fa7543a37242c12b7faacb7b1004db8a069b4affdd28dea4a7d74b3628548c50ed3b385128160837708c228d18c02ec790b9a035963cff262a49c90e12d |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\LanguageText.ini
| MD5 | b32e83c49e205feaa725adce59212038 |
| SHA1 | 1f8a35523da218e6717aec32a242ea0bc0a04a15 |
| SHA256 | 22a98a09d61f6a96dc08720e7d2959359055b396e39cf4e0b48c816f27234206 |
| SHA512 | ec2315c18eb629c45e7d5c81761fd0ae9877e91ac38219963e5b3ed36d2d9dab574247c3681578d655e488ab915e8bd5f2a1b91ea1aa5ed5a514543c3de80c14 |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\skin_color.ini
| MD5 | 4b104a9fbd57a415302c9438689582c6 |
| SHA1 | c106da0f57f5c2620bec76697068bc244129004f |
| SHA256 | f7aecdbfc8e622340a316a33ef8141aadcfae6530e66fe525dd720b50208a73f |
| SHA512 | bc1cd6fb73875efed690a50f91149d886a04fd1adaaccc8180b2d7cdf78ebf24a8ad39003f3ab3322d5f73874f9e517fdd3c0003fea8cfef0bf74a1bbc93595b |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\skin_main.ini
| MD5 | 195e097f18e844dd5ec9b4f24d057106 |
| SHA1 | f41df437c709e01d0d8b211bdae3d7f84d494e59 |
| SHA256 | b7ae75ee40a28bb7a17b9ac88e323a01c85ab52c387974a4cbf96d291221ac93 |
| SHA512 | 20c82bb67763537e71bca6493c197a57930979370e350a500204af3ee00a9ec574b05d706590d2b3bf21e43bd8078ec25eeb9e18e6c5745cda57a11e19e55746 |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\skin_advance.ini
| MD5 | 2eec902e29851a380c97bddecfd8506c |
| SHA1 | ddc3e459beb98a6e31405dbe16d9454682cca638 |
| SHA256 | b097b559f0c46f0eb0ad5eb3c216322222042e2a31de21a8e46f7a482cdda10c |
| SHA512 | ba8fa4775846d09c3907d3eeae44baedf3ee1fcb1b6dc9e33b47efa133376395b1c8f6ebb8c33e74f66f75e8ac508f1bfdd540391fbbe92ee69c338a4e91f797 |
C:\Program Files (x86)\MARVO M358 mouse\skins\1_INI_EN\skin_mac.ini
| MD5 | 8cf626cf3ae6ea379d38cac68e6fcca7 |
| SHA1 | 4a035d77d66f58be824fe697d751a443fda0217e |
| SHA256 | 3c41b9e3e455dd314152414f850f00c72a59064284590578fc7552c3ec0ab2be |
| SHA512 | 2a7f832ecc1be330ef71b4b7d66970a021c20736ae4fdb5cc98bb48c100cf3fd4308b3f97533dfdea57fd84812fc6620a6fba237322d851ca4e029cd15c4e551 |
C:\Program Files (x86)\MARVO M358 mouse\skins\main_mask.jpg
| MD5 | 3dda7f2fcda64bc878bfb21fa2344e01 |
| SHA1 | 8bc4e89256458b3d7e12ee495ba9a131c8e95787 |
| SHA256 | 2cb33ba0263b20b4979d9624a203eda7a3776bd0ab8b7aaf258c312f2726e3b8 |
| SHA512 | 8d68e94c3a27501dc05b58a8cc1614129e7ba002011ce6cce2876bb742ff8adfde48a4fe161497643c60b0872d1be5c879e87ac34921341aa7e152dcfd752875 |
memory/1108-644-0x0000000000400000-0x000000000055D000-memory.dmp
memory/2000-645-0x0000000000400000-0x0000000000457000-memory.dmp
C:\Program Files (x86)\MARVO M358 mouse\skins\warning_mask.jpg
| MD5 | 5c8ca7356300dd95250947231a672ddc |
| SHA1 | f2e147e48c72ed903c5f7eeb39e65e64316fb8ed |
| SHA256 | 2fdac0d0f7d69d23d324ee4eb0470bdba0ac71f4877052f45f4348113f7bfc2e |
| SHA512 | fdb2fa9cbd07202ff8bcb92c17c88988ceb317e5f236e0d300c6b7782150d14cd3909ca2fe0aeb7d91e864e5720c065fe521f32e9d8cb0d35cb1a8723ebb0516 |
C:\Program Files (x86)\MARVO M358 mouse\skins\warning_over.jpg
| MD5 | 63ae1e3592b07f24c4c23c576f0b7720 |
| SHA1 | bf5c850a7235ea2368baa7357443c9340d2bc326 |
| SHA256 | 64a533967ee01c5d8244199846469be422b6c8acfe4c26e64b62b2b9e6f302eb |
| SHA512 | 73fa399ff9fd9d3ad07b93f36a1e5dd3014c5c270e6c307a579cd7530765bfce4d7bf8bdf430fee83ec45203779cc5071d8f241c49768d07d796fbaf8c0d4c3e |
C:\Program Files (x86)\MARVO M358 mouse\skins\warning_normal.jpg
| MD5 | af2ee8465e40188de4f382f3f52983f2 |
| SHA1 | cfa7e0f8688e498cb6f46afe127906267e11d06a |
| SHA256 | 059c38c55f569c5ebe9580e24c7504556de860eea2d2eea318508010bb13e091 |
| SHA512 | 3c3e77094392485617f9959b4f789ee51b798534327baadc4bf9e97b0ba285cf6da77222f1e7b7df8adabbd87ea0b92cd753d59f8e87a62cd0a28dc29a6fd609 |