Overview (overview): 10
Static (static): 1
Raysen che...25.exe (windows7-x64): 5
Raysen che...25.exe (windows10-2004-x64): 10
Raysen che...te.dll (windows7-x64): 1
Raysen che...te.dll (windows10-2004-x64): 1
Raysen che...ig.cfg (windows7-x64): 3
Raysen che...ig.cfg (windows10-2004-x64): 3
Raysen che...ct.dll (windows7-x64): 1
Raysen che...ct.dll (windows10-2004-x64): 1
Raysen che...me.txt (windows7-x64): 1
Raysen che...me.txt (windows10-2004-x64): 1
Raysen cheat/x32.dll (windows7-x64): 1
Raysen cheat/x32.dll (windows10-2004-x64): 1
Raysen cheat/x64.dll (windows7-x64): 1
Raysen cheat/x64.dll (windows10-2004-x64): 1
Raysen cheat/xfeo.dll (windows7-x64): 1
Raysen cheat/xfeo.dll (windows10-2004-x64): 1

Analysis
max time kernel: 2s
max time network: 3s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 24-02-2024 19:09

Static task: static1

Behavioral task | Sample | Resource
behavioral1 | Raysen cheat/Raysen hack v4.25.exe | win7-20240221-en
behavioral2 | Raysen cheat/Raysen hack v4.25.exe | win10v2004-20240221-en
behavioral3 | Raysen cheat/auto-update.dll | win7-20240221-en
behavioral4 | Raysen cheat/auto-update.dll | win10v2004-20240221-en
behavioral5 | Raysen cheat/config.cfg | win7-20240215-en
behavioral6 | Raysen cheat/config.cfg | win10v2004-20240221-en
behavioral7 | Raysen cheat/inject.dll | win7-20240221-en
behavioral8 | Raysen cheat/inject.dll | win10v2004-20240221-en
behavioral9 | Raysen cheat/read me.txt | win7-20240221-en
behavioral10 | Raysen cheat/read me.txt | win10v2004-20240221-en
behavioral11 | Raysen cheat/x32.dll | win7-20240221-en
behavioral12 | Raysen cheat/x32.dll | win10v2004-20240221-en
behavioral13 | Raysen cheat/x64.dll | win7-20240221-en
behavioral14 | Raysen cheat/x64.dll | win10v2004-20240221-en
behavioral15 | Raysen cheat/xfeo.dll | win7-20240221-en
behavioral16 | Raysen cheat/xfeo.dll | win10v2004-20240221-en

General
Target: Raysen cheat/Raysen hack v4.25.exe
Size: 305KB
MD5: f7fc7e0be60f31859d2bfe1472c3cb26
SHA1: cdf4aa531e78a37894437c7b2ea806946af4c696
SHA256: 0d21e66230b0def998f6f6f648334444c8f9a2228833c800ef4477245b875fbf
SHA512: b2e81c4c6142d24ca8912b5f5b60a9ef8e1f73b5c016ee4e66cc938a67439d12ff6096e01cd9d1f605436b9ebaff11aef882f9e9a353eb599fb1fd67348eac5a
SSDEEP: 6144:fLCBiGoKlMjSD1IohO98TrEjJWsOaJzEY1m3sK654i:jbDKmjSDagOCXEjwsHaY1+/c

Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes: Raysen hack v4.25.exe
description | pid | process | target process
PID 2180 set thread context of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe

Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
3020 | 2544 | WerFault.exe | RegAsm.exe

Suspicious use of WriteProcessMemory (17 IoCs)
Processes: Raysen hack v4.25.exe, RegAsm.exe
description | pid | process | target process
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2180 wrote to memory of 2544 | 2180 | Raysen hack v4.25.exe | RegAsm.exe
PID 2544 wrote to memory of 3020 | 2544 | RegAsm.exe | WerFault.exe
PID 2544 wrote to memory of 3020 | 2544 | RegAsm.exe | WerFault.exe
PID 2544 wrote to memory of 3020 | 2544 | RegAsm.exe | WerFault.exe
PID 2544 wrote to memory of 3020 | 2544 | RegAsm.exe | WerFault.exe

Processes
C:\Users\Admin\AppData\Local\Temp\Raysen cheat\Raysen hack v4.25.exe
"C:\Users\Admin\AppData\Local\Temp\Raysen cheat\Raysen hack v4.25.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID: 2180
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    - Suspicious use of WriteProcessMemory
    PID: 2544
        C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 256
        - Program crash
        PID: 3020