Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
15-04-2023 19:34
Static task
static1
Behavioral task
behavioral1
Sample
DotNetAobScanMemory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DotNetAobScanMemory.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Guna.UI.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Guna.UI.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
SunCheats.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
SunCheats.exe
Resource
win10v2004-20230220-en
General
-
Target
SunCheats.exe
-
Size
1.6MB
-
MD5
477094488967e80d71568a0d76c221c6
-
SHA1
e1ed6993f0ef04daa4d3ae5cea922632fbda02f6
-
SHA256
215835e8acc958790d5c37ac624b8c6fb561e4f1ec633f42bba5ab42c0c62b6b
-
SHA512
2625cd7b67ec9d0814d7a2c8fb7e0d79dfb29603a13c4713c751526424317096ed3c6934bc21dd2f2bb2698da9c50d65f3f4f17a1aee51aa8db7000bcaea35d5
-
SSDEEP
24576:E6sshLltYF/68ehLTwy/szmCQyNTv76R7bmFcH2j4N6ssiLm:EFshhtcinLTf/sHTeFsiy
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4900 SunCheats.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4900 SunCheats.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4900 SunCheats.exe 4900 SunCheats.exe