Analysis
max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
28-04-2024 20:18
Static task
static1
Behavioral task
behavioral1
Sample
ExCheats Loader.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
Target
ExCheats Loader.exe
Size
435KB
MD5
9faa97aeb1d886b560871f52c04e59e1
SHA1
a58886013917c1da279bad487d142a8e5b3f9090
SHA256
836cf0a0d86d4a83d9e019d6cbed76ba42d3c41dac9bdc10e7f983ff041343f4
SHA512
41317af2324638328c1fbeda8a8592e65aec52f0b474d45152ab5d8acb9ee69612c3a9cbe465bb40e0e1bc7ca2239bd92cd9ca9310ce13c6876f4973e61a8ddb
SSDEEP
12288:tcY4vVKJcADX6Fze2V4VoPU6Rzl7tQQLOGpP:gkqA+1ebVoll7nL3P
Score
10/10
Malware Config
Signatures
Detect ZGRat V1 (1 IoC)
resource                                                                  yara_rule
behavioral1/memory/2208-0-0x0000000000C20000-0x0000000000C8E000-memory.dmp  family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoC)
resource                                                                  yara_rule
behavioral1/memory/2208-0-0x0000000000C20000-0x0000000000C8E000-memory.dmp  family_redline

Program crash (1 IoC)
pid   pid_target  process       target process
1736  2208        WerFault.exe  ExCheats Loader.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description         pid   process              target process
wrote to memory of  2208  ExCheats Loader.exe  WerFault.exe (pid 1736)
wrote to memory of  2208  ExCheats Loader.exe  WerFault.exe (pid 1736)
wrote to memory of  2208  ExCheats Loader.exe  WerFault.exe (pid 1736)
wrote to memory of  2208  ExCheats Loader.exe  WerFault.exe (pid 1736)

Note: all four writes go to pid 1736, which the "Program crash" signature above identifies as the WerFault.exe instance spawned to report the crash of this same process (pid 2208). A faulting process writing into the crash-reporting child it has just created is consistent with ordinary process creation (the parent populating the new process's parameters) rather than code injection; a write into any other process would be the thing to look at.
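To separate the expected crash-handler writes from anything that would actually warrant a look, the report's two process tables can be cross-referenced. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: the event records are constructed from the "Program crash" and "Suspicious use of WriteProcessMemory" tables, the field names are this example's, and the heuristic (a write into the WerFault.exe handling the writer's own crash is expected; any other cross-process write is flagged) is an assumption stated in the code.

```python
"""Triage of WriteProcessMemory hits against the report's crash table.

Added example, not part of the sandbox report. Event records are constructed
from the report's tables; field names and the triage heuristic are this
example's own assumptions, not the sandbox's logic.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CrashEvent:
    handler_pid: int   # pid of the WerFault.exe instance
    crashed_pid: int   # pid_target: the process that faulted


@dataclass(frozen=True)
class WriteEvent:
    pid: int           # writer
    process: str
    target_pid: int
    target_process: str


# Constructed from the report: WerFault.exe 1736 handling the crash of 2208,
# and four writes from 2208 into 1736.
CRASHES = [CrashEvent(handler_pid=1736, crashed_pid=2208)]
WRITES = [WriteEvent(2208, "ExCheats Loader.exe", 1736, "WerFault.exe")] * 4

# Constructed counter-example (NOT from the report): a write into a process
# that is not the writer's own crash handler. pid 1400 / explorer.exe are
# hypothetical values used only to exercise the 'suspicious' path.
WRITES_WITH_INJECTION = WRITES + [
    WriteEvent(2208, "ExCheats Loader.exe", 1400, "explorer.exe")
]


def classify_write(ev, crashes):
    """Return 'wer-handshake' when the target is the WerFault.exe instance
    spawned to report this very writer's crash, else 'suspicious'.

    Heuristic (assumption): a faulting process legitimately writes into the
    WerFault.exe child it launches; any other cross-process write is worth
    a closer look.
    """
    if ev.target_process.lower() == "werfault.exe":
        for c in crashes:
            if c.handler_pid == ev.target_pid and c.crashed_pid == ev.pid:
                return "wer-handshake"
    return "suspicious"


def triage(writes, crashes):
    """Group write events by verdict; returns {verdict: [events]}."""
    out = {}
    for ev in writes:
        out.setdefault(classify_write(ev, crashes), []).append(ev)
    return out


if __name__ == "__main__":
    for verdict, events in triage(WRITES_WITH_INJECTION, CRASHES).items():
        print(verdict, len(events))
        for ev in events:
            print(f"  {ev.process} ({ev.pid}) -> {ev.target_process} ({ev.target_pid})")
```

Run against the report's own events every write lands in the `wer-handshake` bucket; only the constructed explorer.exe write is flagged. The heuristic is deliberately narrow: it keys on the crash table, so a WerFault.exe that was not spawned for the writer's crash would still be flagged.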
Downloads
memory/2208-0-0x0000000000C20000-0x0000000000C8E000-memory.dmp
Filesize: 440KB
This is the single region both YARA signatures above matched: 0x0000000000C20000 to 0x0000000000C8E000 in pid 2208 (ExCheats Loader.exe), 0x6E000 = 450,560 bytes, i.e. 440 KiB.
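The dump name encodes everything needed to place the YARA hits: pid, dump index and the region's start and end addresses. The following is an added example, not part of the sandbox report; the name layout `<pid>-<index>-0x<start>-0x<end>-memory.dmp` is read off the report's own dump name, and the parser, the KiB rounding used to compare against the listed "440KB", and the `contains` helper are this example's assumptions.

```python
"""Decode a sandbox memory-dump name and check it against the report.

Added example, not part of the sandbox report. The name layout is taken from
the report's dump name; the parser and the size check are assumptions.
"""
import re

# From the report: the region both YARA hits and the download refer to.
DUMP_NAME = "2208-0-0x0000000000C20000-0x0000000000C8E000-memory.dmp"
LISTED_SIZE = "440KB"

_DUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return pid, index, start, end (ints) and size in bytes for a dump name.

    Raises ValueError when the name does not follow the expected layout or
    the address range is empty/inverted.
    """
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end 0x{end:X} is not above start 0x{start:X}")
    return {
        "pid": int(m["pid"]),
        "index": int(m["index"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def size_matches_listing(size_bytes, listed):
    """True when size_bytes, rounded to whole KiB, equals an 'NNNKB' listing.

    Assumption: the listing uses 1024-byte units and rounds to the nearest.
    """
    m = re.fullmatch(r"(\d+)KB", listed)
    if not m:
        raise ValueError(f"unrecognised size listing: {listed!r}")
    return round(size_bytes / 1024) == int(m[1])


def contains(region, address):
    """True if a virtual address (e.g. a YARA match offset) lies in the region."""
    return region["start"] <= address < region["end"]


if __name__ == "__main__":
    r = parse_dump_name(DUMP_NAME)
    print(f"pid {r['pid']} dump #{r['index']}: "
          f"0x{r['start']:X}-0x{r['end']:X} ({r['size']} bytes)")
    print("matches listing:", size_matches_listing(r["size"], LISTED_SIZE))
```

For the report's dump the parser yields 0x6E000 bytes, which rounds to the listed 440KB, so the download is the full region the rules matched and not a truncated copy. Note that the region size (440 KiB) differs from the sample's on-disk size (435KB in the General section): a mapped image need not be the same size as the file it was loaded from.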