Overview

overview

3

Static

static

3

ValorantAimbot.exe

windows7-x64

ValorantAimbot.exe

windows10-2004-x64

Analysis

  • max time kernel
    20s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2023, 04:29

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    ValorantAimbot.exe

  • Size

    130KB

  • MD5

    c2b8f73cd3499ba4924660e056ea057a

  • SHA1

    42b7738039283379b3950dd6709f9a22f220b93f

  • SHA256

    dfd8631d100532fe58139b8bb90dd85dc42a2c563f7ec57289b440d011cacfa5

  • SHA512

    fbe55e1e3a28e165efa933dae837da832452937ee5a993d5b628f898c57b2c5dbe5d9ed3da28898bc5e036dcbe0c12713d5947aeaaac8597449f33b8234c9840

  • SSDEEP

    3072:i7DhdC6kzWypvaQ0FxyNTBflrZjuwh67h4mM05/:iBlkZvaF4NTBdrhF65vB

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ValorantAimbot.exe
    "C:\Users\Admin\AppData\Local\Temp\ValorantAimbot.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\687.tmp\688.tmp\689.bat C:\Users\Admin\AppData\Local\Temp\ValorantAimbot.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1320
      • C:\Windows\system32\shutdown.exe
        shutdown -s -f -t 15 -c "HAHAHAHAHA HACKEADO BY N1TR0zzzz, todas suas senhas foram enviada a database"
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1104
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:296
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1676

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\687.tmp\688.tmp\689.bat
              Filesize

              41KB

              MD5

              46848869f9bfcbd5383fb50632aed40c

              SHA1

              bb7f10e88900dadc9e074085a388f43a4f6c4635

              SHA256

              346f2a01ac715c941b2b938ab817786d7a17224a914007584fef91e678300b0b

              SHA512

              7363208958a8e23e21c1fc24e9e0428b9ce30df69c06ddc570dde3b4f35b3f891d7df31496535f2da75194b4024b87b0f5c0517e0e0ce1a0208f171a26390775

              Download Submit

            • memory/296-56-0x00000000028C0000-0x00000000028C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1676-57-0x00000000026E0000-0x00000000026E1000-memory.dmp

              Filesize

              4KB

              Download