Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Valorant C...ax.exe

windows7-x64

7

Valorant C...ax.exe

windows10-2004-x64

7

password.txt

windows7-x64

1

password.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    52s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2023, 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Valorant Checker by Xinax.exe

  • Size

    2.0MB

  • MD5

    91061e34a8dbc6156e3fa75dc322e4b0

  • SHA1

    628a4c88f0a3823e07ae055df36bae6b36049419

  • SHA256

    68e98c4079707047d46a02729663551e5eafb34e76bccd018d0beee25dc70ed0

  • SHA512

    6029bed5c4486d0ff4bc348eb924cc9901d57d6781af818b5add937a55fc5cc9acfdc1a7dd01021de13d0e685d3f71bc865730fcd2f47e92797de29413aaaf22

  • SSDEEP

    49152:IBJgkNXymHeCn46zWhYhJseQLTKNWAGM9SwE:yWkxddnK+OiUAGMw

Score
7/10

Malware Config

Signatures

  • .NET Reactor proctector 8 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Valorant Checker by Xinax.exe
    "C:\Users\Admin\AppData\Local\Temp\Valorant Checker by Xinax.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:484
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpB50E.tmp.bat
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1092
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          4⤵
            PID:2012
          • C:\Windows\SysWOW64\taskkill.exe
            TaskKill /F /IM 484
            4⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:888
          • C:\Windows\SysWOW64\timeout.exe
            Timeout /T 2 /Nobreak
            4⤵
            • Delays execution with timeout.exe
            PID:568
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe"
        2⤵
        • Drops startup file
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1840
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1456
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x568
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:268

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\tmpB50E.tmp.bat
        Filesize

        56B

        MD5

        a97137e5681a993aca5d5da385941f9c

        SHA1

        9ba8d69d97888fa6137f48c6d1f60752bedba86b

        SHA256

        d1b1e7535a9bedad8ee5cc43099fe87cbe7990a84987de49f3a76d97c6925ae6

        SHA512

        2bae639aba1e726076b33b059aec3898ba2d8425c2aa793b2257deaa8beeff446bb6a4b849f9ea22bcb59308bf9b240b2b4927a99489b64ea13de256b4a64081

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant Checker by Xinax.exe
        Filesize

        1.8MB

        MD5

        13c6d746798d94c90d5a96cf72f61a6b

        SHA1

        18624a712489d513855bb7f5c482af2ce5165aa5

        SHA256

        63d9faf84349fd5984937713409c3afc6c3150b6a0d18909031e1022b45fa28a

        SHA512

        034d653db4ef1167c29170795bc7482f667c9b8b0cb8f63e211631239c666acf650d20976bfe4ffbb550b8fbf7c704f3fd8e23bb5a666122fe88398f1fb1b071

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\RarSFX0\Valorant_Checker by Xinax.exe
        Filesize

        135KB

        MD5

        b03d6a21639e1221fba85ffe3d6355e7

        SHA1

        3f1e46f1b833d5598ceeaad293feec837fc4da57

        SHA256

        e809f5a609f862e6352337569249959867dea6a55ab3552f32d385e9c921ae0b

        SHA512

        e8715b273a90dd53557212685519297cb211a72400b52ff0d33141f0f6aeeb9e7c2bd4067069d132e532cfdee138d1444cd323fb6fdb8f6fdbdcefe366ad99f0

        Download Submit

      • memory/484-76-0x0000000000DD0000-0x0000000000E10000-memory.dmp

        Filesize

        256KB

        Download

      • memory/484-73-0x0000000000DD0000-0x0000000000E10000-memory.dmp

        Filesize

        256KB

        Download

      • memory/484-72-0x0000000000E20000-0x0000000000FF6000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/1840-94-0x0000000000180000-0x00000000001A8000-memory.dmp

        Filesize

        160KB

        Download

      • memory/1840-96-0x000000001ADB0000-0x000000001AE30000-memory.dmp

        Filesize

        512KB

        Download

      • memory/1840-97-0x00000000004F0000-0x00000000004F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1840-98-0x000000001ADB0000-0x000000001AE30000-memory.dmp

        Filesize

        512KB

        Download