Analysis

- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 24-02-2024 19:09
- static1: Static task
- behavioral1: Behavioral task, sample Raysen cheat/Raysen hack v4.25.exe, resource win7-20240221-en
- behavioral2: Behavioral task, sample Raysen cheat/Raysen hack v4.25.exe, resource win10v2004-20240221-en
- behavioral3: Behavioral task, sample Raysen cheat/auto-update.dll, resource win7-20240221-en
- behavioral4: Behavioral task, sample Raysen cheat/auto-update.dll, resource win10v2004-20240221-en
- behavioral5: Behavioral task, sample Raysen cheat/config.cfg, resource win7-20240215-en
- behavioral6: Behavioral task, sample Raysen cheat/config.cfg, resource win10v2004-20240221-en
- behavioral7: Behavioral task, sample Raysen cheat/inject.dll, resource win7-20240221-en
- behavioral8: Behavioral task, sample Raysen cheat/inject.dll, resource win10v2004-20240221-en
- behavioral9: Behavioral task, sample Raysen cheat/read me.txt, resource win7-20240221-en
- behavioral10: Behavioral task, sample Raysen cheat/read me.txt, resource win10v2004-20240221-en
- behavioral11: Behavioral task, sample Raysen cheat/x32.dll, resource win7-20240221-en
- behavioral12: Behavioral task, sample Raysen cheat/x32.dll, resource win10v2004-20240221-en
- behavioral13: Behavioral task, sample Raysen cheat/x64.dll, resource win7-20240221-en
- behavioral14: Behavioral task, sample Raysen cheat/x64.dll, resource win10v2004-20240221-en
- behavioral15: Behavioral task, sample Raysen cheat/xfeo.dll, resource win7-20240221-en
- behavioral16: Behavioral task, sample Raysen cheat/xfeo.dll, resource win10v2004-20240221-en
General

- Target: Raysen cheat/config.cfg
- Size: 65KB
- MD5: 4a5d9f854a06a62220952a0a3dc2f19f
- SHA1: 5b08204c2727c2ef2fbdd924e064c3a540367797
- SHA256: 100371c7a33b14982ef80580527ea4461e58112a78b9cdc86ae3bea0a8d790b9
- SHA512: 9cfd69c5f3bf5a8695ac70d4e1628b05c978b993896ab7a5db9cfb07e1b41115c053133a45d1b9efd38694745c286578d1deea73faedb902e2dc5d805ccbb49f
- SSDEEP: 48:yVVVVVAVVVVVAVVVVVAVVVVVAVVVVVAVVVVVAVVVVVAVVVVVAVVVVVAVVVVVAVV0:H
Malware Config
Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (9 IoCs)
  Process: rundll32.exe (all entries below)
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\cfg_auto_file
  Set value (str): \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\cfg_auto_file\
  Set value (str): \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\.cfg\ = "cfg_auto_file"
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\cfg_auto_file\shell\Read\command
  Set value (str): \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\cfg_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\cfg_auto_file\shell\Read
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\cfg_auto_file\shell
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\.cfg

- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Process: AcroRd32.exe, PID 2736

- Suspicious use of SetWindowsHookEx (2 IoCs)
  Process: AcroRd32.exe, PID 2736
  Process: AcroRd32.exe, PID 2736

- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2792 (cmd.exe) wrote to memory of PID 2616 (rundll32.exe)
  PID 2792 (cmd.exe) wrote to memory of PID 2616 (rundll32.exe)
  PID 2792 (cmd.exe) wrote to memory of PID 2616 (rundll32.exe)
  PID 2616 (rundll32.exe) wrote to memory of PID 2736 (AcroRd32.exe)
  PID 2616 (rundll32.exe) wrote to memory of PID 2736 (AcroRd32.exe)
  PID 2616 (rundll32.exe) wrote to memory of PID 2736 (AcroRd32.exe)
  PID 2616 (rundll32.exe) wrote to memory of PID 2736 (AcroRd32.exe)
Processes

1. C:\Windows\system32\cmd.exe (PID 2792)
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Raysen cheat\config.cfg"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe (PID 2616)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Raysen cheat\config.cfg
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      3. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2736)
         Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Raysen cheat\config.cfg"
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 3KB
- MD5: 2191738f8809edba5d47e3a72a9377ee
- SHA1: 3119b62106510ef301fbe8bae085235cf3cb32a7
- SHA256: da4184353035b62f4764947bd22ea079f5bcafeadde2cbfb80a5843d2202ff23
- SHA512: 32f1f3627571fe1284f980f3645b68cb6cd6446811f6c6a57af07eb478f8fd57b01d6d3d38cd52d776abfb3ad7f9e305e09dac03e8a778c7cf895a0bd8eeba05