Overview
- overview: 10
Static
- static: 1
- Raysen che...25.exe, windows7-x64: 5
- Raysen che...25.exe, windows10-2004-x64: 10
- Raysen che...te.dll, windows7-x64: 1
- Raysen che...te.dll, windows10-2004-x64: 1
- Raysen che...ig.cfg, windows7-x64: 3
- Raysen che...ig.cfg, windows10-2004-x64: 3
- Raysen che...ct.dll, windows7-x64: 1
- Raysen che...ct.dll, windows10-2004-x64: 1
- Raysen che...me.txt, windows7-x64: 1
- Raysen che...me.txt, windows10-2004-x64: 1
- Raysen cheat/x32.dll, windows7-x64: 1
- Raysen cheat/x32.dll, windows10-2004-x64: 1
- Raysen cheat/x64.dll, windows7-x64: 1
- Raysen cheat/x64.dll, windows10-2004-x64: 1
- Raysen cheat/xfeo.dll, windows7-x64: 1
- Raysen cheat/xfeo.dll, windows10-2004-x64: 1
Analysis
- max time kernel: 97s
- max time network: 117s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-02-2024 19:09
Static task
- static1
Behavioral tasks (task: sample, resource)
- behavioral1: Raysen cheat/Raysen hack v4.25.exe, win7-20240221-en
- behavioral2: Raysen cheat/Raysen hack v4.25.exe, win10v2004-20240221-en
- behavioral3: Raysen cheat/auto-update.dll, win7-20240221-en
- behavioral4: Raysen cheat/auto-update.dll, win10v2004-20240221-en
- behavioral5: Raysen cheat/config.cfg, win7-20240215-en
- behavioral6: Raysen cheat/config.cfg, win10v2004-20240221-en
- behavioral7: Raysen cheat/inject.dll, win7-20240221-en
- behavioral8: Raysen cheat/inject.dll, win10v2004-20240221-en
- behavioral9: Raysen cheat/read me.txt, win7-20240221-en
- behavioral10: Raysen cheat/read me.txt, win10v2004-20240221-en
- behavioral11: Raysen cheat/x32.dll, win7-20240221-en
- behavioral12: Raysen cheat/x32.dll, win10v2004-20240221-en
- behavioral13: Raysen cheat/x64.dll, win7-20240221-en
- behavioral14: Raysen cheat/x64.dll, win10v2004-20240221-en
- behavioral15: Raysen cheat/xfeo.dll, win7-20240221-en
- behavioral16: Raysen cheat/xfeo.dll, win10v2004-20240221-en
General
- Target: Raysen cheat/Raysen hack v4.25.exe
- Size: 305KB
- MD5: f7fc7e0be60f31859d2bfe1472c3cb26
- SHA1: cdf4aa531e78a37894437c7b2ea806946af4c696
- SHA256: 0d21e66230b0def998f6f6f648334444c8f9a2228833c800ef4477245b875fbf
- SHA512: b2e81c4c6142d24ca8912b5f5b60a9ef8e1f73b5c016ee4e66cc938a67439d12ff6096e01cd9d1f605436b9ebaff11aef882f9e9a353eb599fb1fd67348eac5a
- SSDEEP: 6144:fLCBiGoKlMjSD1IohO98TrEjJWsOaJzEY1m3sK654i:jbDKmjSDagOCXEjwsHaY1+/c
Malware Config
Extracted
lumma
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes: Raysen hack v4.25.exe
  - description: PID 1144 set thread context of 1252
    pid: 1144
    process: Raysen hack v4.25.exe
    target process: RegAsm.exe
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes: Raysen hack v4.25.exe
  - description: PID 1144 wrote to memory of 1252 (the same entry is listed 9 times)
    pid: 1144
    process: Raysen hack v4.25.exe
    target process: RegAsm.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Raysen cheat\Raysen hack v4.25.exe
  "C:\Users\Admin\AppData\Local\Temp\Raysen cheat\Raysen hack v4.25.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID: 1144
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    PID: 1252