Windows Analysis Report
REDRAGON Gaming Mouse.exe

Overview

General Information

Sample Name: REDRAGON Gaming Mouse.exe
Analysis ID: 708245
MD5: 55fe4ee7603acfe95ac3da87f701ad05
SHA1: 0a924938d54dad52d00bfe8d4e09cc8fd9c92361
SHA256: 7e6c76db8bf23796814972eab33cdb4c1bb6ff7a7a0f705ae847f7ab49e3ea26
Infos:

Detection

Score: 12
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Obfuscated command line found
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Creates files inside the system directory
Queries keyboard layouts
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)

Classification

Antivirus or Machine Learning detection for unpacked file
Source: 1.2.REDRAGON Gaming Mouse.tmp.5057a70.0.unpack Avira: Label: TR/Patched.Ren.Gen
Uses 32bit PE files
Source: REDRAGON Gaming Mouse.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: REDRAGON Gaming Mouse.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: REDRAGON Gaming Mouse.tmp, 00000001.00000002.587017828.0000000005269000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://dejavu-fonts.org
Source: REDRAGON Gaming Mouse.exe, 00000000.00000003.310902377.000000007FD40000.00000004.00001000.00020000.00000000.sdmp, REDRAGON Gaming Mouse.exe, 00000000.00000003.310669381.0000000002370000.00000004.00001000.00020000.00000000.sdmp, REDRAGON Gaming Mouse.tmp, 00000001.00000000.312540941.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.innosetup.com/
Source: REDRAGON Gaming Mouse.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: REDRAGON Gaming Mouse.exe, 00000000.00000003.310902377.000000007FD40000.00000004.00001000.00020000.00000000.sdmp, REDRAGON Gaming Mouse.exe, 00000000.00000003.310669381.0000000002370000.00000004.00001000.00020000.00000000.sdmp, REDRAGON Gaming Mouse.tmp, 00000001.00000000.312540941.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/ps
Uses 32bit PE files
Source: REDRAGON Gaming Mouse.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Sample file is different than original file name gathered from version info
Source: REDRAGON Gaming Mouse.exe, 00000000.00000003.310835868.00000000024D1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs REDRAGON Gaming Mouse.exe
Source: REDRAGON Gaming Mouse.exe, 00000000.00000003.311170050.000000007FE9D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs REDRAGON Gaming Mouse.exe
PE file contains strange resources
Source: REDRAGON Gaming Mouse.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: REDRAGON Gaming Mouse.tmp.0.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: REDRAGON Gaming Mouse.tmp.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Creates files inside the system directory
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Windows\unins000.dat Jump to behavior
PE file contains executable resources (Code or Archives)
Source: REDRAGON Gaming Mouse.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: REDRAGON Gaming Mouse.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe File read: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Jump to behavior
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe "C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe"
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Process created: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp "C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp" /SL5="$4028C,19156318,421888,C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe"
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Process created: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp "C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp" /SL5="$4028C,19156318,421888,C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Program Files (x86)\REDRAGON Gaming Mouse Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe File created: C:\Users\user\AppData\Local\Temp\is-LH247.tmp Jump to behavior
Source: REDRAGON Gaming Mouse.exe String found in binary or memory: /LOADINF="filename"
Source: classification engine Classification label: clean12.winEXE@3/796@0/0
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Window found: window name: TMainForm Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: REDRAGON Gaming Mouse.exe Static file information: File size 19602731 > 1048576
Source: REDRAGON Gaming Mouse.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation
barindex
Obfuscated command line found
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Process created: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp "C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp" /SL5="$4028C,19156318,421888,C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe"
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Process created: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp "C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp" /SL5="$4028C,19156318,421888,C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe" Jump to behavior
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Users\user\AppData\Local\Temp\is-CRAFL.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Windows\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Windows\is-TLV8F.tmp Jump to dropped file
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe File created: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Windows\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp File created: C:\Windows\is-TLV8F.tmp Jump to dropped file
Source: C:\Users\user\Desktop\REDRAGON Gaming Mouse.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CRAFL.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Dropped PE file which has not been started: C:\Windows\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Dropped PE file which has not been started: C:\Windows\is-TLV8F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LH247.tmp\REDRAGON Gaming Mouse.tmp Process information queried: ProcessInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 708245 Sample: REDRAGON Gaming Mouse.exe Startdate: 23/09/2022 Architecture: WINDOWS Score: 12 14 Obfuscated command line found 2->14 6 REDRAGON Gaming Mouse.exe 2 2->6         started        process3 file4 12 C:\Users\user\...\REDRAGON Gaming Mouse.tmp, PE32 6->12 dropped 16 Obfuscated command line found 6->16 10 REDRAGON Gaming Mouse.tmp 5 508 6->10         started        signatures5 process6
No contacted IP infos