Analysis

  • max time kernel
    17s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-03-2023 20:44

Errors

Reason
Machine shutdown

General

  • Target
    Install VALORANT.exe
  • Size
    66.1MB
  • MD5
    fa9763834a8a3f39afbbcbf775b71ea8
  • SHA1
    2a88d1871f25c475d5e670c266eb2acc9dc5e7bb
  • SHA256
    0bdc1bf1724e6e265599895c5ef0f0104e4cbb2f8c373abba5ed2111ba77b8af
  • SHA512
    4628cacb7fe7dfe01fdc04bd7c024c90df8a2e42ab54a534316ffbf65c6e6fe13806fb83fbba6dcd664a6daaff18825ee493cb3ed2fa9c3b4f8b9c8ca979e9d5
  • SSDEEP
    1572864:InRkzKSp8K0UNl/Ywrt9E7lzPF5KBBhDIVIbjUp1xDn:vNp8KnAtqBBhDIVNjr

Score
1/10

Malware Config

Signatures

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
    "C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
      "C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe" --agent --riotclient-app-port=49744 --riotclient-auth-token=gEt715UrGv2GZa2l0nVpRg --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install VALORANT/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT" --session-id=15bef23e-8f0c-524e-b18e-5588cc92916c
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2088
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3992855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:624

Network

MITRE ATT&CK Matrix

Downloads

  • C:\ProgramData\Riot Games\machine.cfg
    Filesize
    39B
    MD5
    437094db3f8034a5e222405e50b00b6d
    SHA1
    bdc08071be41e8533aadf8d437cee081a07827a4
    SHA256
    ec1d67cb7abdc589fbbd543b2e487d0843b18b88240009befce4155dec90d830
    SHA512
    1253ca626a68931d2d53a88f3006c31c422dab4ed5d4e311b9bfaee441e54dc9120e67c2cfd159f2d2eea22bc849055cd4103bd40a10c01570f0b4f5b7e09e68