543a201d0a4ab2e487db61022719c3ccb74054c42f851b1582f41b2146c8ffa2 | Triage

Analysis

max time kernel
33s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 22:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CS2 Bhop_[unknowncheats.me]_.exe
Size

444KB
MD5

ddfda1f4f000dd283aeacf61bbf09e94
SHA1

dece52d7bcb5b25c216fc5b5edd66a80c2cac1e5
SHA256

543a201d0a4ab2e487db61022719c3ccb74054c42f851b1582f41b2146c8ffa2
SHA512

7a5f0cf34b84fec3774be35ea2f9f6e14414da692c6d8c66c7cf7be2d80a4243e058c488b74b7b7be0fb6bfa434d50f8e6a8e3ad45cba47c1309a554b6535c9e
SSDEEP

12288:ofsVoCyy14HcQCOLD/JsShH2gTy88V9ibL:o0VoCdkcQhbF7yg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1192-0-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	upx
behavioral2/memory/1192-1-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	upx
behavioral2/memory/1192-2-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	upx
behavioral2/memory/1192-3-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	upx

AutoIT Executable 3 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/1192-1-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	autoit_exe
behavioral2/memory/1192-2-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	autoit_exe
behavioral2/memory/1192-3-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp	autoit_exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe
1192	CS2 Bhop_[unknowncheats.me]_.exe

C:\Users\Admin\AppData\Local\Temp\CS2 Bhop_[unknowncheats.me]_.exe
"C:\Users\Admin\AppData\Local\Temp\CS2 Bhop_[unknowncheats.me]_.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-0-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp

Filesize
1.0MB

Download
memory/1192-1-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp

Filesize
1.0MB

Download
memory/1192-2-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp

Filesize
1.0MB

Download
memory/1192-3-0x00007FF7CF750000-0x00007FF7CF85B000-memory.dmp

Filesize
1.0MB

Download