Overview

overview

7

Static

static

3

Cheat.zip

windows10-2004-x64

1

Cheat.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1793s
  • max time network
    1168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 18:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cheat.exe

  • Size

    29.6MB

  • MD5

    21f48fe74e4d8fe827f217bee2be54a7

  • SHA1

    476b1e86627c52edb9a133c1945598d1abaef2dd

  • SHA256

    e813b7ca003c8c13c0f1e9feb2e62190df2fb08b3ac3f5ecd30f3abc961232ce

  • SHA512

    d89c42d5a2b7a91b8b964405d685e8ce674c7474c9e7dfe1009aae4527ffcf8526c593d5aa0479df7b65bd253ba7f884912873dea605ccc650becdb3ae20c16c

  • SSDEEP

    786432:s+XVHW5Vlae8/M8WeQag3Z5ksG95EGNL1B4FMm:s8U5WRE8PQag3ZJM2GN8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cheat.exe
    "C:\Users\Admin\AppData\Local\Temp\Cheat.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Users\Admin\AppData\Local\Temp\is-4S6O6.tmp\Cheat.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-4S6O6.tmp\Cheat.tmp" /SL5="$10006A,30157316,832512,C:\Users\Admin\AppData\Local\Temp\Cheat.exe"
      2⤵
      • Executes dropped EXE
      PID:4636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-4S6O6.tmp\Cheat.tmp
    Filesize

    3.1MB

    MD5

    e78183c14ad34af5dce03b6ef88a90f2

    SHA1

    24b86455af4933549758e3e61eac080e71ff6d17

    SHA256

    c07e92fb65f7e27ed28250e7764aca3f366066228db9cc161ccb3af9bdf8015e

    SHA512

    2759590d95e3c7cd5af7a0c93b01629c902fd61306666b3a49950d9ce1111c6e3315f728fa48f4fd53a8e5cda27f9961aad3afc41adfe3c58efee6d1e6c4ef47

    Download Submit

  • memory/4636-6-0x0000000000D30000-0x0000000000D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4636-9-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4636-12-0x0000000000D30000-0x0000000000D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4772-1-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4772-8-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download