e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e

Analysis

max time kernel
1790s
max time network
1561s
platform
windows7_x64
resource
win7-20231215-de
resource tags

arch:x64arch:x86image:win7-20231215-delocale:de-deos:windows7-x64systemwindows
submitted
06/01/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheatEngine75.exe
Size

3.1MB
MD5

609fea742d34dc1d53f0eeb4873b1a0a
SHA1

3232c52da3cb8f47a870162a35cdd75fcae60aea
SHA256

e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
SHA512

27da89901268d153fd7158162fc8f2f3b99ec9a4aa24c281f93b500466552af776b00f0a33182386a62934c3e553561cbc23d3f5ebb0ea0366c04e046e1bcc90
SSDEEP

98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1636	CheatEngine75.tmp

Loads dropped DLL 3 IoCs

pid	Process
2320	CheatEngine75.exe
1636	CheatEngine75.tmp
1636	CheatEngine75.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	CheatEngine75.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18
PID 2320 wrote to memory of 1636	2320	CheatEngine75.exe	18

C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe
"C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\is-5ADP8.tmp\CheatEngine75.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5ADP8.tmp\CheatEngine75.tmp" /SL5="$4011C,2335682,780800,C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4Q30V.tmp\logo.png

Filesize
258KB

MD5
6b7cb2a5a8b301c788c3792802696fe8

SHA1
da93950273b0c256dab64bb3bb755ac7c14f17f3

SHA256
3eed2e41bc6ca0ae9a5d5ee6d57ca727e5cba6ac8e8c5234ac661f9080cedadf

SHA512
4183dbb8fd7de5fd5526a79b62e77fc30b8d1ec34ebaa3793b4f28beb36124084533e08b595f77305522bc847edfed1f9388c0d2ece66e6ac8acb7049b48ee86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ADP8.tmp\CheatEngine75.tmp

Filesize
1.9MB

MD5
e34503f6d20a184fda9192302427b259

SHA1
7e7203e5ba234418e29477dfd12757774ddcd334

SHA256
7feceb01c10127e3b8a06475c88b0df2d5d78e9ae3ddba310cc2d15c4416d800

SHA512
a2722ac8ac01aad79a60f532e7a750a020609dededea046881f2cc2d499a21d618037061843c7edc904b9bad08c4394fec61d52c996d3a31228f2eb41fefbd57

Download Submit
\Users\Admin\AppData\Local\Temp\is-4Q30V.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-4Q30V.tmp\zbShieldUtils.dll

Filesize
1.1MB

MD5
77e92cb89c9cacb95bb77048a904096e

SHA1
791ab822a5db7ef8d7da258bc3bd0616a78e9398

SHA256
c370c6ea2803ece25ed87e7bb28c6783cee8d7e8147df8db9e2d0563bf3111f4

SHA512
6933ed9cbcce0ff9e67e283fce4dee86f54b38bde993ec4959935063ed3e36a03c9e3de293641d574c8793026d3159e642006f4f811455d98b66f7ea27161841

Download Submit
\Users\Admin\AppData\Local\Temp\is-5ADP8.tmp\CheatEngine75.tmp

Filesize
2.4MB

MD5
e889b5171611f88d467e6072a067e08e

SHA1
9d1b7a47b2f5a99a3323ef712dfdcca30bef9615

SHA256
fe7f0606223c340dbbd93224663f84bdd8cef8a5c25625344083b7d1eb3541bd

SHA512
cf516afa17b78c61bd75b40754d1ecbf362ca39ff763cf8b600f3e8495cfd356034eae164d37e0cfa3b131e7b58f9d2b23deb5079626242475f92ccfbbfaabda

Download Submit
memory/1636-21-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1636-18-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1636-20-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1636-25-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1636-28-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1636-32-0x0000000003DC0000-0x0000000003DCF000-memory.dmp

Filesize
60KB

Download
memory/1636-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1636-39-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1636-40-0x0000000003DC0000-0x0000000003DCF000-memory.dmp

Filesize
60KB

Download
memory/2320-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2320-17-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads