Malware Analysis Report

2025-05-28 16:49

Sample ID 250118-c42mqs1lbr
Target Project Iconic V3.rar
SHA256 27426ae7867ec686e6dff221ee8b13d59b0bdc13244fde1957442e03e26c07cb
Tags
discovery agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

27426ae7867ec686e6dff221ee8b13d59b0bdc13244fde1957442e03e26c07cb

Threat Level: Shows suspicious behavior

The file Project Iconic V3.rar was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery agilenet

Obfuscated with Agile.Net obfuscator

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-18 02:38

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral11

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

122s

Max time network

125s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\DevComponents.DotNetBar2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\DevComponents.DotNetBar2.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

155s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_clientids.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_clientids.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 7.98.22.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 26.252.100.95.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

150s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\_shellshock.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\_shellshock.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\PS3Lib.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\PS3Lib.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 166.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 60.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240729-en

Max time kernel

89s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe

"C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe"

Network

N/A

Files

memory/2532-0-0x00000000741FE000-0x00000000741FF000-memory.dmp

memory/2532-1-0x0000000000800000-0x000000000088C000-memory.dmp

memory/2532-2-0x00000000741F0000-0x00000000748DE000-memory.dmp

memory/2532-3-0x00000000741F0000-0x00000000748DE000-memory.dmp

memory/2532-4-0x00000000741FE000-0x00000000741FF000-memory.dmp

memory/2532-5-0x00000000741F0000-0x00000000748DE000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\Readme.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\Readme.txt"

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\XRPC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\XRPC.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

109s

Max time network

111s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Default Theme\config.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Default Theme\config.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 60.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 7.98.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

125s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3.rar"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3.rar"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 7.98.22.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

118s

Max time network

120s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Cave's Theme\config.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Cave's Theme\config.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Cave's Theme\config.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Cave's Theme\config.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 c06671635f5b768b82f2ec68cc00e996
SHA1 7d9d880054b85144e7b0840f580bd25fc4cc6aab
SHA256 cbcad10bd279d8f56f649ea968181e72ecbd9a2b769491274fc112b41fbe5357
SHA512 33f91a7e094d7ef0220925a978305bb50d378d0759735838205f5e6ca91df3d000398c561d6aa728e18c974a69bcc9fb760181a415a8de5ca7b5b178dbab029e

Analysis: behavioral10

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

142s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 166.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.252.100.95.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\DevComponents.DotNetBar2.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\DevComponents.DotNetBar2.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 60.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.252.100.95.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

122s

Max time network

126s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\_shellshock.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\_shellshock.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\_shellshock.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\_shellshock.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 95420d4bb78a1c3aff58aae6e514a969
SHA1 5b22db482cb8c9b162e99f63163e4d38cb40278d
SHA256 fa402590fabbb7df57daa37fa0ba6f22f3009d73f0965e7f06bef97bb5b23b3a
SHA512 e5310dd901ba17a2afdd0cd420e772836272f0912ad322e0f0c278018c474add6f436f0895e9019919a02df948a7b21ddbf913263b6285f0b285cca5143ad586

Analysis: behavioral26

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

146s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Blood Theme\config.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Blood Theme\config.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

149s

Max time network

120s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3.rar"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8BB96711-D545-11EF-A02E-FA59FB4FA467} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3.rar"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://appdata/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3.rar

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3.rar

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

119s

Max time network

123s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_clientids.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_clientids.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_clientids.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_clientids.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 8bd77bcc02046d43083ea000064af838
SHA1 1e214a585d5b61c52b0bf172c8ba54ea2d609382
SHA256 250d784659b4fa14fda52a183f6b62062281b60ff127947b4e8ace03a91607f8
SHA512 582c8e4196552fbaea6e931a2a72d1278b339b172c48d2496b9d54f8a812bafeebc16218ca287c0543f24bf081973370e87da6915db6e211329aec6b699192ae

Analysis: behavioral18

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

145s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\Readme.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\Readme.txt"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20241010-en

Max time kernel

118s

Max time network

120s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Default Theme\config.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Default Theme\config.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Default Theme\config.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Default Theme\config.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 07beae21a6cfa5ea009b844a5c160947
SHA1 db5b03d5529939b13af2c5d9d7c2af8c7fe85a18
SHA256 4723a0190c28c572d85e2a45fcc6af2c4256d22635f91cc13f489d4f242eb279
SHA512 32d13dc44c78ce7d9c233043ff9272e9821491cb30adc41604b768461487fe8287a22b7db91020dbc0017b3132f76993dc5addfe16b3e579071dac5cf0f6eac4

Analysis: behavioral4

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

99s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_clientids.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_clientids.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 27.252.100.95.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

119s

Max time network

123s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\PS3Lib.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\PS3Lib.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe

"C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\ProjectIconicEvanescence.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp

Files

memory/4164-0-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

memory/4164-1-0x0000000000650000-0x00000000006DC000-memory.dmp

memory/4164-2-0x00000000054D0000-0x0000000005A74000-memory.dmp

memory/4164-3-0x0000000004FC0000-0x0000000005052000-memory.dmp

memory/4164-4-0x0000000074D00000-0x00000000754B0000-memory.dmp

memory/4164-5-0x0000000004FB0000-0x0000000004FBA000-memory.dmp

memory/4164-6-0x0000000074D00000-0x00000000754B0000-memory.dmp

memory/4164-7-0x0000000074D0E000-0x0000000074D0F000-memory.dmp

memory/4164-8-0x0000000074D00000-0x00000000754B0000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20241010-en

Max time kernel

14s

Max time network

19s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Readme.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Readme.txt"

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

98s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Cave's Theme\config.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Cave's Theme\config.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 60.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 8023ff26b2626c96584b2e4e6eac937b
SHA1 71acb48c3e9b568e4e30a0bfe740b5d619d6e5d7
SHA256 3cdc64df436e4e7533a5d62fe369513e883aa144a28d6b5366c6d5843489763f
SHA512 21553e677d2f2a4dd6021b124588aceefeb9f1a81f0c35575bd15b587c5e3b34ae18e822945f979aa83f778ddd90436bf6e57860c5d77a8fe2441551931b1221

Analysis: behavioral5

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 fed9ef4da221248c3fffbbac5a1d0f08
SHA1 8e3ba0ab0922b3c333ae4c28cc71241b6e974b36
SHA256 8fb33882a2ba051e73836dbc028e1efbf692cb3d7a848ab62519203c451f9c8b
SHA512 624f23576a277abfcf6aaf93a7a50202d92f0f679c5a1b69fd4ecac963861d776be80319498a0e2153721e43a8908ab6501481dd847ecb9408cc25a16c519859

Analysis: behavioral6

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 166.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_clientids.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_clientids.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_clientids.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_clientids.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 b74e4c370a623ee060f825caf628cb99
SHA1 8115c11857f4df6ab9060e94cf46babd23fb2e82
SHA256 34124d45f5c754806319e8010836f45160bfbb68f681dd86c237789a680bcd86
SHA512 e7e64d1c681dd9f5a62c2fbef2db75500e9a4edec1f7e909288e174865f688c18bb4a1657a8d0db07ec2e454d5bfeb60e74d53b2f0c0e28804ddf43fe2e5783b

Analysis: behavioral9

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 21e2a30b1c56dab851760969f256e99c
SHA1 5260fa8592da56ba6c3f1121fdf2c4d5abceda72
SHA256 c4321f52b080b008bf60a9c3981d20ad81c116f582fdfd89a5395ab7c41c5dfd
SHA512 7f62fb57b2d71859321ce2b8dbde443e8559dd38f83f3eeeeda825bf6821cfa8db6b8cccfd451efb1e652bd56b659757786916cca62711067d2fbc451c357469

Analysis: behavioral20

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

100s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\XRPC.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PS3 Injector\XRPC.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 7.98.22.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

149s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Readme.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Readme.txt"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2025-01-18 02:38

Reported

2025-01-18 02:41

Platform

win7-20240903-en

Max time kernel

119s

Max time network

120s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Blood Theme\config.gsc"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Blood Theme\config.gsc"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Blood Theme\config.gsc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Blood Theme\config.gsc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 ef57041f731de757cd544027ceeb4e99
SHA1 d7756bd49bd203a0b19dbbcc7865b723f2fbdf96
SHA256 4573892172fe44c4ea07ab27dd31bd2b88d0da0dc2bbadaf6655ba99535d7023
SHA512 006c30d2324dec3329c7e54be685ca68cefca26b398893567dedc06f250b46f8bff81348d0ce3fae248087f807b36a43c218f6186383e72193bef8473044bfff