General
- Target: CheatEngine75.exe
- Size: 28.5MB
- Sample: 240515-w129msdg25
- MD5: 1e2b14c4f25f109717f8cab97a050bf6
- SHA1: 188cabf0640e0203fd9c2612586b78ce173f4fd7
- SHA256: 2cd9a8ef0b8cb972210c0ff94c510034435771420cf404d8db55ab2d1083299f
- SHA512: 2783e9c4254b04ba35114b673a62d48b720dab2cbd1e2419bc69581d40112a0a7c20531aa47e78d56f1886eb337f9151d1fb969ab26999b186be33254a3c717b
- SSDEEP: 786432:3TCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFH0MU:32EXFhV0KAcNjxAItj0MU
Static task: static1
Behavioral task: behavioral1
  Sample: CheatEngine75.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: CheatEngine75.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: CheatEngine75.exe
- Downloads MZ/PE file
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (3)
  Create or Modify System Process (1)
    Windows Service (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (3)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Subvert Trust Controls (2)
    SIP and Trust Provider Hijacking (1)
    Install Root Certificate (1)
  Modify Registry (4)
  Impair Defenses (1)
    File and Directory Permissions Modification (1)
  Pre-OS Boot (1)
    Bootkit (1)