Analysis Overview
SHA256
f239037a3b0b29773a9519c2c5dff44c4e11210560cf3585b2a535e8b401887e
Threat Level: Shows suspicious behavior
The file UniqueStudio RCON.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 07:34
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 07:34
Reported
2024-06-19 07:45
Platform
win10v2004-20240508-en
Max time kernel
502s
Max time network
512s
Command Line
Signatures
Loads dropped DLL
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2012 wrote to memory of 3332 | N/A | C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe | C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe
"C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe"
C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe
"C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 07:34
Reported
2024-06-19 07:45
Platform
win10v2004-20240611-en
Max time kernel
595s
Max time network
599s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\UniqueStudio RCON.pyc"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4268,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1384,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
Network