Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 12:04
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: ExCheats Loader.exe
  Resource: win7-20240221-en
  6 signatures, 150 seconds
General
Target: ExCheats Loader.exe
Size: 454KB
MD5: b7f76ced093ca9f03e791a1aeb35ed16
SHA1: ad59e7878fe7c94341ee5dad7b3950d168d5a97b
SHA256: d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765
SHA512: 23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b82f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2
SSDEEP: 6144:ejo7W76rH+prJpH0AY3DYu+e3i27figCzqIU6vdpgRNmeBKZ4cyox1ZS/n4FPCKv:ez76rH+prJpUpYRlq2ejIZNDE/8PfeE
Score: 10/10
Malware Config
Signatures
Detect ZGRat V1 (1 IoC)
  resource: behavioral1/memory/2952-0-0x0000000000ED0000-0x0000000000F44000-memory.dmp
  yara_rule: family_zgrat_v1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoC)
  resource: behavioral1/memory/2952-0-0x0000000000ED0000-0x0000000000F44000-memory.dmp
  yara_rule: family_redline
Program crash (1 IoC)
  pid 2928 (WerFault.exe) -> target pid 2952 (ExCheats Loader.exe)
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2952 (ExCheats Loader.exe) wrote to memory of PID 2928 (WerFault.exe), recorded 4 times
Processes
1. "C:\Users\Admin\AppData\Local\Temp\ExCheats Loader.exe" (PID 2952)
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 92 (PID 2928)
      - Program crash
1. "C:\Windows\explorer.exe"
Network
MITRE ATT&CK Matrix
Downloads
memory/2952-0-0x0000000000ED0000-0x0000000000F44000-memory.dmp
  Filesize: 464KB
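The following is an added triage helper; it is not part of this report and not the sandbox's own code. It parses the report's own IoC strings (the memory-dump resource name both YARA hits share, the WriteProcessMemory rows, the WerFault crash record) into structured records, checks that the dumped region 0x0ED0000-0x0F44000 of PID 2952 is the 464KB the Downloads section lists, collapses the four identical WriteProcessMemory rows into one count, and verifies a local file's MD5/SHA1/SHA256/SHA512 against the General section so an analyst knows the file in hand is the one this report describes. The classify_write heuristic is this example's own assumption, not a sandbox verdict: a faulting process launches its WerFault.exe child itself (the -p 2952 on WerFault's command line names the faulting PID), so a write from that process into that child is labelled crash-handler start-up rather than injection. The sample bytes in the demo are constructed because the real file is not on the page; every function, class and constant name below is this example's.

```python
"""Triage helpers for the sandbox report above (added example, not the sandbox's code)."""
from __future__ import annotations

import hashlib
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# IoC strings copied verbatim from the report above.
MEMORY_DUMP = "behavioral1/memory/2952-0-0x0000000000ED0000-0x0000000000F44000-memory.dmp"
REPORTED_DUMP_KB = 464
WPM_IOCS = ["PID 2952 wrote to memory of 2928 2952 ExCheats Loader.exe WerFault.exe"] * 4
CRASH_IOC = "2928 2952 WerFault.exe ExCheats Loader.exe"
REPORT_HASHES = {
    "md5": "b7f76ced093ca9f03e791a1aeb35ed16",
    "sha1": "ad59e7878fe7c94341ee5dad7b3950d168d5a97b",
    "sha256": "d49a64853d7fdb5d663df0941d5488cd6e080c07ea46f31a0326e2e0ab34f765",
    "sha512": "23fd42c33e514c2f21d4ea7fa40c7d3bd94da1fb7bad693e9e3d080310e793b8"
              "2f35eea8912f7c1619e4705cf4976f892d87955e5e9c7a95d80bf6e8f888a1a2",
}


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    index: int      # dump ordinal within the task ("2952-0" is the first dump of PID 2952)
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass(frozen=True)
class MemoryWrite:
    source_pid: int
    target_pid: int
    source: str
    target: str


@dataclass(frozen=True)
class CrashRecord:
    reporter_pid: int   # WerFault.exe
    faulting_pid: int   # the process that crashed
    reporter: str
    faulting: str


_DUMP_RE = re.compile(r"(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$")
# Row layout: "PID <src> wrote to memory of <dst> <src again> <source name> <target name>".
_WPM_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ (?P<src_name>.+?) (?P<dst_name>\S+)$")
_CRASH_RE = re.compile(r"^(?P<rep>\d+) (?P<fault>\d+) (?P<rep_name>\S+) (?P<fault_name>.+)$")


def parse_memory_dump(resource: str) -> MemoryRegion:
    """'2952-0-0x...ED0000-0x...F44000-memory.dmp' -> pid, dump index, address range."""
    m = _DUMP_RE.search(resource)
    if m is None:
        raise ValueError(f"not a memory-dump resource name: {resource!r}")
    return MemoryRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def dump_size_matches(resource: str, reported_kb: int) -> bool:
    """The report lists dump sizes in whole KB, so compare at that granularity."""
    return parse_memory_dump(resource).size // 1024 == reported_kb


def parse_memory_write(line: str) -> MemoryWrite:
    m = _WPM_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised WriteProcessMemory IoC: {line!r}")
    return MemoryWrite(int(m["src"]), int(m["dst"]), m["src_name"], m["dst_name"])


def parse_crash(line: str) -> CrashRecord:
    m = _CRASH_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised crash IoC: {line!r}")
    return CrashRecord(int(m["rep"]), int(m["fault"]), m["rep_name"], m["fault_name"])


def summarize_writes(lines: list) -> Counter:
    """Collapse repeated IoC rows into (source pid, target pid) -> count."""
    return Counter((w.source_pid, w.target_pid) for w in map(parse_memory_write, lines))


def classify_write(write: MemoryWrite, crash: Optional[CrashRecord]) -> str:
    """Heuristic (this example's assumption, not the sandbox's): a faulting process
    launches its own WerFault.exe child, and the writes hooked during that start-up
    are not injection. Anything else stays 'possible injection' for manual review."""
    if (crash is not None and write.source_pid == crash.faulting_pid
            and write.target_pid == crash.reporter_pid and write.target.lower() == "werfault.exe"):
        return "crash-handler start-up"
    return "possible injection"


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match of a candidate file's bytes against the report's hash set."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower() for alg, digest in expected.items()}


if __name__ == "__main__":
    region = parse_memory_dump(MEMORY_DUMP)
    print(f"PID {region.pid} dump: {region.size} bytes, matches report: {dump_size_matches(MEMORY_DUMP, REPORTED_DUMP_KB)}")
    crash = parse_crash(CRASH_IOC)
    print(summarize_writes(WPM_IOCS), classify_write(parse_memory_write(WPM_IOCS[0]), crash))
    print(verify_hashes(b"constructed stand-in, not the real sample", REPORT_HASHES))
```

Run it against the report as-is and the dump check passes (0xF44000 - 0xED0000 = 0x74000 bytes = 464KB), the four WriteProcessMemory rows collapse to a single (2952, 2928) pair labelled as crash-handler start-up, and the hash check on the stand-in bytes fails on every algorithm, which is the expected result until the real sample is supplied. To verify a file on disk, pass open(path, "rb").read() to verify_hashes in place of the constructed bytes.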