ebb5d35149b7de84c0483c9071d4412976796c0b76ede033d8b271b72b5eb64e

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:34

Target

NovaClosetCheat.exe
Size

84.5MB
MD5

1c771b7beced636731f297820c9396b9
SHA1

b908ba323a605c723abb552218f4bb9d522ee75c
SHA256

ebb5d35149b7de84c0483c9071d4412976796c0b76ede033d8b271b72b5eb64e
SHA512

d0f223a711fd02b4df12d8baa32b4ba9e2cd153f2e5edde8524a9b049adf7ddf57240fde4bb6c30e1837910b5a261bafe793ca04935ab96c8393fab92c7f6594
SSDEEP

1572864:aiRiJDePU1e4iamkhLDyPl4QiZh3/tQE88nZGjSYukZg7jaE7pPZNl8W9hP50d:aiRj4e4iadhLDy943r/tQonZODzZgvli

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
564	NovaClosetCheat.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2856-0-0x000000013F480000-0x000000013F4E9000-memory.dmp	upx
behavioral1/memory/2856-1282-0x000000013F480000-0x000000013F4E9000-memory.dmp	upx
behavioral1/files/0x000400000001d9ba-1287.dat	upx
behavioral1/memory/564-1288-0x000000013F480000-0x000000013F4E9000-memory.dmp	upx
behavioral1/memory/564-1291-0x000000013F480000-0x000000013F4E9000-memory.dmp	upx
behavioral1/memory/2856-2575-0x000000013F480000-0x000000013F4E9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 564	2856	NovaClosetCheat.exe	28
PID 2856 wrote to memory of 564	2856	NovaClosetCheat.exe	28
PID 2856 wrote to memory of 564	2856	NovaClosetCheat.exe	28

C:\Users\Admin\AppData\Local\Temp\NovaClosetCheat.exe
"C:\Users\Admin\AppData\Local\Temp\NovaClosetCheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\NovaClosetCheat.exe
  "C:\Users\Admin\AppData\Local\Temp\NovaClosetCheat.exe"
  2⤵
  - Loads dropped DLL
  PID:564

C:\Users\Admin\AppData\Local\Temp\_MEI28562\python311.dll

Filesize
1.6MB

MD5
527923fc1de5a440980010ea5a4aaba1

SHA1
ab2b5659b82a014e0804ab1a69412a465ae37d49

SHA256
d94637faaa6d0dbd87c7ad6193831af4553648f4c3024a8a8d8adf549f516c91

SHA512
51a67b02e49a36d11828831f334f4242dfa1c0ac557ed50892b5a7f4d6ff153edab5458c312e57d80ed1b40434037c75c9e933ccbf4a187ec57685bdb42cdfb6

Download Submit
memory/564-1288-0x000000013F480000-0x000000013F4E9000-memory.dmp

Filesize
420KB

Download
memory/564-1290-0x000007FEF58D0000-0x000007FEF5EB8000-memory.dmp

Filesize
5.9MB

Download
memory/564-1291-0x000000013F480000-0x000000013F4E9000-memory.dmp

Filesize
420KB

Download
memory/2856-0-0x000000013F480000-0x000000013F4E9000-memory.dmp

Filesize
420KB

Download
memory/2856-1282-0x000000013F480000-0x000000013F4E9000-memory.dmp

Filesize
420KB

Download
memory/2856-1286-0x0000000000310000-0x0000000000379000-memory.dmp

Filesize
420KB

Download
memory/2856-2575-0x000000013F480000-0x000000013F4E9000-memory.dmp

Filesize
420KB

Download