Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel:  1790s
max time network: 1561s
platform:         windows7_x64
resource:         win7-20231215-de
resource tags:    arch:x64, arch:x86, image:win7-20231215-de, locale:de-de, os:windows7-x64, system:windows
submitted:        06/01/2024, 19:47
Static task:      static1
Behavioral task:  behavioral1
Sample:           CheatEngine75.exe
Resource:         win7-20231215-de
General
Target:  CheatEngine75.exe
Size:    3.1MB
MD5:     609fea742d34dc1d53f0eeb4873b1a0a
SHA1:    3232c52da3cb8f47a870162a35cdd75fcae60aea
SHA256:  e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
SHA512:  27da89901268d153fd7158162fc8f2f3b99ec9a4aa24c281f93b500466552af776b00f0a33182386a62934c3e553561cbc23d3f5ebb0ea0366c04e046e1bcc90
SSDEEP:  98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  1636  CheatEngine75.tmp

Loads dropped DLL (3 IoCs)
  pid   Process
  2320  CheatEngine75.exe
  1636  CheatEngine75.tmp
  1636  CheatEngine75.tmp

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  1636  CheatEngine75.tmp

Suspicious use of WriteProcessMemory (7 IoCs)
  description                    pid   Process            procid_target
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
  PID 2320 wrote to memory of 1636  2320  CheatEngine75.exe  18
Processes

1. C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2320

   2. C:\Users\Admin\AppData\Local\Temp\is-5ADP8.tmp\CheatEngine75.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-5ADP8.tmp\CheatEngine75.tmp" /SL5="$4011C,2335682,780800,C:\Users\Admin\AppData\Local\Temp\CheatEngine75.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: GetForegroundWindowSpam
      PID: 1636
Network
MITRE ATT&CK Matrix
Downloads