Analysis
-
max time kernel
502s -
max time network
512s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
19-06-2024 07:34
Behavioral task
behavioral1
Sample
UniqueStudio RCON.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
UniqueStudio RCON.pyc
Resource
win10v2004-20240611-en
General
-
Target
UniqueStudio RCON.exe
-
Size
35.9MB
-
MD5
5e9a51b0802bdc23c8fc5aa7fcfaab06
-
SHA1
60dbcbbc5c8b43cb7da7eaff001deb4affea47dc
-
SHA256
f239037a3b0b29773a9519c2c5dff44c4e11210560cf3585b2a535e8b401887e
-
SHA512
2676c0f3aa1376a5aba155d2a04ff972e6a3cc379e3f13f7e44e5fe7bdc15461f6c240025d382080f16461336206d88b2fdbf9bc24618bb70ceca9b0ec5ad24d
-
SSDEEP
786432:x+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVL9jvzVSPZW+e5Jz9M:zXGMK4XR3bLSCU/+6yPlhvhSPZW+ePq
Malware Config
Signatures
-
Loads dropped DLL 34 IoCs
Processes:
UniqueStudio RCON.exepid process 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe 3332 UniqueStudio RCON.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
UniqueStudio RCON.exepid process 3332 UniqueStudio RCON.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
UniqueStudio RCON.exepid process 3332 UniqueStudio RCON.exe -
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
UniqueStudio RCON.exedescription pid process target process PID 2012 wrote to memory of 3332 2012 UniqueStudio RCON.exe UniqueStudio RCON.exe PID 2012 wrote to memory of 3332 2012 UniqueStudio RCON.exe UniqueStudio RCON.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe"C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe"C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe"2⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3332
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4316
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
576KB
MD501b946a2edc5cc166de018dbb754b69c
SHA1dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46
SHA25688f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5
SHA51265dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5
-
Filesize
30KB
MD50fe6d52eb94c848fe258dc0ec9ff4c11
SHA195cc74c64ab80785f3893d61a73b8a958d24da29
SHA256446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f
SHA512c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86
-
Filesize
5.7MB
MD5817520432a42efa345b2d97f5c24510e
SHA1fea7b9c61569d7e76af5effd726b7ff6147961e5
SHA2568d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a
SHA5128673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441
-
Filesize
6.7MB
MD547307a1e2e9987ab422f09771d590ff1
SHA10dfc3a947e56c749a75f921f4a850a3dcbf04248
SHA2565e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e
SHA51221b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14
-
Filesize
5.2MB
MD54cd1f8fdcd617932db131c3688845ea8
SHA1b090ed884b07d2d98747141aefd25590b8b254f9
SHA2563788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358
SHA5127d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199
-
Filesize
43KB
MD56bc084255a5e9eb8df2bcd75b4cd0777
SHA1cf071ad4e512cd934028f005cabe06384a3954b6
SHA2561f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460
SHA512b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89
-
Filesize
40KB
MD5313f89994f3fea8f67a48ee13359f4ba
SHA18c7d4509a0caa1164cc9415f44735b885a2f3270
SHA25642dde60befcf1d9f96b8366a9988626b97d7d0d829ebea32f756d6ecd9ea99a8
SHA51206e5026f5db929f242104a503f0d501a9c1dc92973dd0e91d2daf5b277d190082de8d37ace7edf643c70aa98bb3d670defe04ce89b483da4f34e629f8ed5fecf
-
Filesize
38KB
MD552fd90e34fe8ded8e197b532bd622ef7
SHA1834e280e00bae48a9e509a7dc909bea3169bdce2
SHA25636174dd4c5f37c5f065c7a26e0ac65c4c3a41fdc0416882af856a23a5d03bb9d
SHA512ef3fb3770808b3690c11a18316b0c1c56c80198c1b1910e8aa198df8281ba4e13dc9a6179bb93a379ad849304f6bb934f23e6bbd3d258b274cc31856de0fc12b
-
Filesize
43KB
MD5ad84af4d585643ff94bfa6de672b3284
SHA15d2df51028fbeb7f6b52c02add702bc3fa781e08
SHA256f4a229a082d16f80016f366156a2b951550f1e9df6d4177323bbedd92a429909
SHA512b68d83a4a1928eb3390deb9340cb27b8a3eb221c2e0be86211ef318b4dd34b37531ca347c73cce79a640c5b06fbd325e10f8c37e0cee2581f22abfbff5cc0d55
-
Filesize
37KB
MD5a9abd4329ca364d4f430eddcb471be59
SHA1c00a629419509929507a05aebb706562c837e337
SHA2561982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b
SHA512004ea8ae07c1a18b0b461a069409e4061d90401c8555dd23dbf164a08e96732f7126305134bfaf8b65b0406315f218e05b5f0f00bedb840fb993d648ce996756
-
Filesize
411KB
MD516abcceb70ba20e73858e8f1912c05cd
SHA14b3a32b166ab5bbbee229790fdae9cbc84f936ba
SHA256fb4e980cb5fafa8a4cd4239329aed93f7c32ed939c94b61fb2df657f3c6ad158
SHA5123e5c83967bf31c9b7f1720059dd51aa4338e518b076b0461541c781b076135e9cb9cbceb13a8ec9217104517fbcc356bdd3ffaca7956d1c939e43988151f6273
-
Filesize
31KB
MD5c0de135782fa0235a0ea8e97898eaf2a
SHA1fcf5fd99239bf4e0b17b128b0ebec144c7a17de2
SHA256b3498f0a10ac4cb42cf7213db4944a34594ff36c78c50a0f249c9085d1b1ff39
SHA5127bd5f90ccab3cf50c55eaf14f7ef21e05d3c893fa7ac9846c6ca98d6e6d177263ac5eb8a85a34501bcfca0da7f0b6c39769726f4090fca2231ee64869b81cf0b
-
Filesize
30KB
MD5a913276fa25d2e6fd999940454c23093
SHA1785b7bc7110218ec0e659c0e5ace9520aa451615
SHA2565b641dec81aec1cf7ac0cce9fc067bb642fbd32da138a36e3bdac3bb5b36c37a
SHA512cebe48e6e6c5cdf8fc339560751813b8de11d2471a3dab7d648df5b313d85735889d4e704e8eec0ad1084ab43be0ebdfbacd038aeac46d7a951efb3a7ce838eb
-
Filesize
380KB
MD59c0acf12d3d25384868dcd81c787f382
SHA1c6e877aba3fb3d2f21d86be300e753e23bb0b74e
SHA256825174429ced6b3dab18115dbc6c9da07bf5248c86ec1bd5c0dcaeca93b4c22d
SHA51245594fa3c5d7c4f26325927bb8d51b0b88e162e3f5e7b7f39a5d72437606383e9fdc8f83a77f814e45aff254914514ae52c1d840a6c7b98767f362ed3f4fc5bd
-
Filesize
824KB
MD52f6d88f8ec3047deaf174002228219ab
SHA1eb7242bb0fe74ea78a17d39c76310a7cdd1603a8
SHA25605d1e7364dd2a672df3ca44dd6fd85bed3d3dc239dcfe29bfb464f10b4daa628
SHA5120a895ba11c81af14b5bd1a04a450d6dcca531063307c9ef076e9c47bd15f4438837c5d425caee2150f3259691f971d6ee61154748d06d29e4e77da3110053b54
-
Filesize
736KB
MD56407499918557594916c6ab1ffef1e99
SHA15a57c6b3ffd51fc5688d5a28436ad2c2e70d3976
SHA25654097626faae718a4bc8e436c85b4ded8f8fb7051b2b9563a29aee4ed5c32b7b
SHA5128e8abb563a508e7e75241b9720a0e7ae9c1a59dd23788c74e4ed32a028721f56546792d6cca326f3d6aa0a62fdedc63bf41b8b74187215cd3b26439f40233f4d
-
Filesize
470KB
MD51edcb08c16d30516483a4cbb7d81e062
SHA14760915f1b90194760100304b8469a3b2e97e2bc
SHA2569c3b2fa2383eeed92bb5810bdcf893ae30fa654a30b453ab2e49a95e1ccf1631
SHA5120a923495210b2dc6eb1acedaf76d57b07d72d56108fd718bd0368d2c2e78ae7ac848b90d90c8393320a3d800a38e87796965afd84da8c1df6c6b244d533f0f39
-
Filesize
1.4MB
MD54931fcd0e86c4d4f83128dc74e01eaad
SHA1ac1d0242d36896d4dda53b95812f11692e87d8df
SHA2563333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85
SHA5120396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d
-
Filesize
66KB
MD5f66f6e9eda956f72e3bb113407035e61
SHA197328524da8e82f5f92878f1c0421b38ecec1e6c
SHA256e23fbc1bec6ceedfa9fd305606a460d9cac5d43a66d19c0de36e27632fddd952
SHA5127ff76e83c8d82016ab6bd349f10405f30deebe97e8347c6762eb71a40009f9a2978a0d8d0c054cf7a3d2d377563f6a21b97ddefd50a9ac932d43cc124d7c4918
-
Filesize
140KB
MD553a85f51054b7d58d8ad7c36975acb96
SHA1893a757ca01472a96fb913d436aa9f8cfb2a297f
SHA256d9b21182952682fe7ba63af1df24e23ace592c35b3f31eceef9f0eabeb5881b9
SHA51235957964213b41f1f21b860b03458404fbf11daf03d102fbea8c2b2f249050cefbb348edc3f22d8ecc3cb8abfdc44215c2dc9da029b4f93a7f40197bd0c16960
-
Filesize
2.4MB
MD5d6d51c8f5e381cbba49d54e507a41220
SHA186deaab67d3fc4e26bc81db89faec720a5d8a3a4
SHA2565a2aed6f96abec6905e6a36d33bc00d2c23e13f6333ea0545a32ab57b33a7c47
SHA5123b3b386d3d0a8865348a574740473325a1a7deac6a9b767fbca253e1de90412aa76e4e9b36d9586f3307f10ee567adb34d85bf21751e568e86ec66683131fbf0
-
Filesize
2.4MB
MD5a931566050607d6a9feb94cef82672d9
SHA1405a7e907631efef51bea7952d4d725b6402d5a2
SHA2568c425d163b0c650cb8dc4662625de4998bed2ad9a3f2e04a8664e2e72a69f845
SHA512263a23f1346ecf1a042f3c697c8f40aefb99e134c06ee87edeef47c170e7113327a9c51143af83e4fa1589970f22c2606bf6f4bb4ebff7be3ee3e3acfde4a258
-
Filesize
4.9MB
MD59cde8433816662eaeb762c8e6fe77e6b
SHA1d9d69268af89c4134ed94c768baedd6abbce7557
SHA256e732f15729fa69c3067dc33abb60e241570398aa9ab3359d9ff2a9714d1a1e4c
SHA5123f6dfc0fdc9eeb4f5d041aaf5d0420091f7230bf60796e979503d345ce9a74e0f23dd229c31207221c8509bab1edde616ff9803776708a5b4097a7338d372c54
-
Filesize
117KB
MD55377602344083cca28f03caa6442c699
SHA19bdb21e90dfde0f92889da296c3d6c06dbf5be3e
SHA2564e1a8a32a84dd2098eea849a804885ce7cd0fb7c6fa3513f1cb60bc4e7578171
SHA512fdc735ffcdd929ee0a9f8436ef6ba17598c4675b83a390b5a4ab6a5b42cc95a3dad6d449e3202d7a4156c76f0deff43d46e78421d0d22e061112cee4ef6227eb
-
Filesize
106KB
MD54585a96cc4eef6aafd5e27ea09147dc6
SHA1489cfff1b19abbec98fda26ac8958005e88dd0cb
SHA256a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
SHA512d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286
-
Filesize
48KB
MD57e668ab8a78bd0118b94978d154c85bc
SHA1dbac42a02a8d50639805174afd21d45f3c56e3a0
SHA256e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f
SHA51272bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032
-
Filesize
82KB
MD5c7ce973f261f698e3db148ccad057c96
SHA159809fd48e8597a73211c5df64c7292c5d120a10
SHA25602d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde
SHA512a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1
-
Filesize
247KB
MD521c73e7e0d7dad7a1fe728e3b80ce073
SHA17b363af01e83c05d0ea75299b39c31d948bbfe01
SHA256a28c543976aa4b6d37da6f94a280d72124b429f458d0d57b7dbcf71b4bea8f73
SHA5120357102bffc2ec2bc6ff4d9956d6b8e77ed8558402609e558f1c1ebc1baca6aeaa5220a7781a69b783a54f3e76362d1f74d817e4ee22aac16c7f8c86b6122390
-
Filesize
63KB
MD5f495d1897a1b52a2b15c20dcecb84b47
SHA18cb65590a8815bda58c86613b6386b5982d9ec3f
SHA256e47e76d70d508b62924fe480f30e615b12fdd7745c0aac68a2cddabd07b692ae
SHA512725d408892887bebd5bcf040a0ecc6a4e4b608815b9dea5b6f7b95c812715f82079896df33b0830c9f787ffe149b8182e529bb1f78aadd89df264cf8853ee4c4
-
Filesize
155KB
MD54e2239ece266230ecb231b306adde070
SHA1e807a078b71c660db10a27315e761872ffd01443
SHA25634130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be
SHA51286e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401
-
Filesize
81KB
MD5899380b2d48df53414b974e11bb711e3
SHA1f1d11f7e970a7cd476e739243f8f197fcb3ad590
SHA256b38e66e6ee413e5955ef03d619cadd40fca8be035b43093d2342b6f3739e883e
SHA5127426ca5e7a404b9628e2966dae544f3e8310c697145567b361825dc0b5c6cd87f2caf567def8cd19e73d68643f2f38c08ff4ff0bb0a459c853f241b8fdf40024
-
Filesize
173KB
MD59b4e74fd1de0f8a197e4aa1e16749186
SHA1833179b49eb27c9474b5189f59ed7ecf0e6dc9ea
SHA256a4ce52a9e0daddbbe7a539d1a7eda787494f2173ddcc92a3faf43b7cf597452b
SHA512ae72b39cb47a859d07a1ee3e73de655678fe809c5c17ffd90797b5985924ddb47ceb5ebe896e50216fb445526c4cbb95e276e5f3810035b50e4604363eb61cd4
-
Filesize
35KB
MD5ee33f4c8d17d17ad62925e85097b0109
SHA18c4a03531cf3dbfe6f378fdab9699d51e7888796
SHA25679adca5037d9145309d3bd19f7a26f7bb7da716ee86e01073c6f2a9681e33dad
SHA51260b0705a371ad2985db54a91f0e904eea502108663ea3c3fb18ed54671be1932f4f03e8e3fd687a857a5e3500545377b036276c69e821a7d6116b327f5b3d5c1
-
Filesize
1.3MB
MD573f91fe1b7771f022020ddf0ac619cde
SHA1d9ecb3061627c94f2cf6c1b7a34fea2cdbd13df7
SHA256763457ec96d1d2afddffa85523d59aa351208bfdf607f5c5f3fb79a518b6d0c2
SHA512cb85666c7e50e3dbf14fc215ec05d9576b884066983fe97fa10a40c6a8d6be11c68ca853e7f7039ec67e6b2d90e8c8a3273039b4b86d91d311bcddcdd831b507
-
Filesize
4.9MB
MD551e8a5281c2092e45d8c97fbdbf39560
SHA1c499c810ed83aaadce3b267807e593ec6b121211
SHA2562a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a
SHA51298b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb
-
Filesize
771KB
MD5bfc834bb2310ddf01be9ad9cff7c2a41
SHA1fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c
SHA25641ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1
SHA5126af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3
-
Filesize
66KB
MD577896345d4e1c406eeff011f7a920873
SHA1ee8cdd531418cfd05c1a6792382d895ac347216f
SHA2561e9224ba7190b6301ef47befa8e383d0c55700255d04a36f7dac88ea9573f2fb
SHA5123e98b1b605d70244b42a13a219f9e124944da199a88ad4302308c801685b0c45a037a76ded319d08dbf55639591404665befe2091f0f4206a9472fee58d55c22
-
Filesize
6.6MB
MD55c5602cda7ab8418420f223366fff5db
SHA152f81ee0aef9b6906f7751fd2bbd4953e3f3b798
SHA256e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce
SHA51251c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f
-
Filesize
30KB
MD5bffff83a000baf559f3eb2b599a1b7e8
SHA17f9238bda6d0c7cc5399c6b6ab3b42d21053f467
SHA256bc71fbdfd1441d62dd86d33ff41b35dc3cc34875f625d885c58c8dc000064dab
SHA5123c0ba0cf356a727066ae0d0d6523440a882aafb3ebdf70117993effd61395deebf179948f8c7f5222d59d1ed748c71d9d53782e16bd2f2eccc296f2f8b4fc948
-
Filesize
1.1MB
MD5a1388676824ce6347d31d6c6a7a1d1b5
SHA127dd45a5c9b7e61bb894f13193212c6d5668085b
SHA2562480a78815f619a631210e577e733c9bafecb7f608042e979423c5850ee390ff
SHA51226ea1b33f14f08bb91027e0d35ac03f6203b4dfeee602bb592c5292ab089b27ff6922da2804a9e8a28e47d4351b32cf93445d894f00b4ad6e2d0c35c6c7f1d89