33b2a709f8aa6cab3f9304db9d4a3e23d6b3c035857ff7dbc1b3295e4a6b4002

Analysis

max time kernel
49s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
09/06/2023, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OrangenWare Lite/Cheat/Orangenware_Lite.exe
Size

391KB
MD5

aa7c1ce89bbd14a9a19a8cc20b96b57e
SHA1

44f27c8fdb59a50598a4f40898d811de66681f32
SHA256

d2e7d126239c75cee59b51b2aa6b2e008e2cd5d0bb452631661d22ff2472986c
SHA512

b503dbf09df2e5b458f491983352f7999343f11d5bd96c68c8b40a56f297989ce637a7dfb8148c5d92ef25f0b45626f6afdaccaec826621de07e4785ecf340c9
SSDEEP

6144:om0kWuQLy3UShr4YTcWI9ArPhMGAIIvYAYP1mAinQx35lA3xC552TUqeM9IUukRb:om0kdr5cA7JJtNUxCj2AqeMQmMn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 420 wrote to memory of 4852	420	Orangenware_Lite.exe	67
PID 420 wrote to memory of 4852	420	Orangenware_Lite.exe	67
PID 420 wrote to memory of 4932	420	Orangenware_Lite.exe	68
PID 420 wrote to memory of 4932	420	Orangenware_Lite.exe	68
PID 420 wrote to memory of 4268	420	Orangenware_Lite.exe	69
PID 420 wrote to memory of 4268	420	Orangenware_Lite.exe	69
PID 420 wrote to memory of 3528	420	Orangenware_Lite.exe	70
PID 420 wrote to memory of 3528	420	Orangenware_Lite.exe	70
PID 420 wrote to memory of 2124	420	Orangenware_Lite.exe	71
PID 420 wrote to memory of 2124	420	Orangenware_Lite.exe	71
PID 420 wrote to memory of 2180	420	Orangenware_Lite.exe	72
PID 420 wrote to memory of 2180	420	Orangenware_Lite.exe	72
PID 420 wrote to memory of 2980	420	Orangenware_Lite.exe	73
PID 420 wrote to memory of 2980	420	Orangenware_Lite.exe	73
PID 420 wrote to memory of 4084	420	Orangenware_Lite.exe	74
PID 420 wrote to memory of 4084	420	Orangenware_Lite.exe	74
PID 420 wrote to memory of 744	420	Orangenware_Lite.exe	75
PID 420 wrote to memory of 744	420	Orangenware_Lite.exe	75
PID 420 wrote to memory of 3516	420	Orangenware_Lite.exe	76
PID 420 wrote to memory of 3516	420	Orangenware_Lite.exe	76
PID 420 wrote to memory of 4044	420	Orangenware_Lite.exe	77
PID 420 wrote to memory of 4044	420	Orangenware_Lite.exe	77
PID 420 wrote to memory of 4292	420	Orangenware_Lite.exe	78
PID 420 wrote to memory of 4292	420	Orangenware_Lite.exe	78
PID 420 wrote to memory of 2752	420	Orangenware_Lite.exe	79
PID 420 wrote to memory of 2752	420	Orangenware_Lite.exe	79
PID 420 wrote to memory of 2732	420	Orangenware_Lite.exe	80
PID 420 wrote to memory of 2732	420	Orangenware_Lite.exe	80

C:\Users\Admin\AppData\Local\Temp\OrangenWare Lite\Cheat\Orangenware_Lite.exe
"C:\Users\Admin\AppData\Local\Temp\OrangenWare Lite\Cheat\Orangenware_Lite.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/420-118-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download
memory/420-119-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download
memory/420-117-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download
memory/420-120-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download
memory/420-121-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download
memory/420-122-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download
memory/420-123-0x000002B855D90000-0x000002B855D91000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads