Overview
overview
10Static
static
10SS Tool [E....3.exe
windows7-x64
5SS Tool [E....3.exe
windows10-2004-x64
5SS Tool [E...or.exe
windows7-x64
5SS Tool [E...or.exe
windows10-2004-x64
5SS Tool [E...ng.exe
windows7-x64
7SS Tool [E...ng.exe
windows10-2004-x64
7$PLUGINSDI...ng.exe
windows7-x64
3$PLUGINSDI...ng.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3SS Tool [E...ui.jar
windows7-x64
1SS Tool [E...ui.jar
windows10-2004-x64
7SS Tool [E...er.exe
windows7-x64
7SS Tool [E...er.exe
windows10-2004-x64
7SS Tool [E...or.exe
windows7-x64
3SS Tool [E...or.exe
windows10-2004-x64
3SS Tool [E...ew.exe
windows7-x64
9SS Tool [E...ew.exe
windows10-2004-x64
9SS Tool [E...st.jar
windows7-x64
1SS Tool [E...st.jar
windows10-2004-x64
7SS Tool [E...ew.chm
windows7-x64
1SS Tool [E...ew.chm
windows10-2004-x64
1SS Tool [E...ew.exe
windows7-x64
4SS Tool [E...ew.exe
windows10-2004-x64
4SS Tool [E...ch.lnk
windows7-x64
3SS Tool [E...ch.lnk
windows10-2004-x64
3SS Tool [E...IN.lnk
windows7-x64
3SS Tool [E...IN.lnk
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 05:07
Behavioral task
behavioral1
Sample
SS Tool [Extract]/Applications/Bucky Roberts 3.3.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
SS Tool [Extract]/Applications/Bucky Roberts 3.3.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
SS Tool [Extract]/Applications/CheatDetector.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
SS Tool [Extract]/Applications/CheatDetector.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
SS Tool [Extract]/Applications/Everything.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
SS Tool [Extract]/Applications/Everything.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Everything/Everything.exe
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Everything/Everything.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
SS Tool [Extract]/Applications/JDGui.jar
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
SS Tool [Extract]/Applications/JDGui.jar
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
SS Tool [Extract]/Applications/ProcessHacker.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
SS Tool [Extract]/Applications/ProcessHacker.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
SS Tool [Extract]/Applications/Schematica Reach Detector.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
SS Tool [Extract]/Applications/Schematica Reach Detector.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
SS Tool [Extract]/Applications/USBDeview.exe
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
SS Tool [Extract]/Applications/USBDeview.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
SS Tool [Extract]/Applications/Xray Pack Test.jar
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
SS Tool [Extract]/Applications/Xray Pack Test.jar
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
SS Tool [Extract]/LastActivityViewer/LastActivityView.chm
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
SS Tool [Extract]/LastActivityViewer/LastActivityView.chm
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
SS Tool [Extract]/LastActivityViewer/LastActivityView.exe
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
SS Tool [Extract]/LastActivityViewer/LastActivityView.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
SS Tool [Extract]/Shortcuts/Prefetch.lnk
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
SS Tool [Extract]/Shortcuts/Prefetch.lnk
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
SS Tool [Extract]/Shortcuts/RECYCLE BIN.lnk
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
SS Tool [Extract]/Shortcuts/RECYCLE BIN.lnk
Resource
win10v2004-20240508-en
General
-
Target
SS Tool [Extract]/Applications/CheatDetector.exe
-
Size
183KB
-
MD5
ee9c8749cc266c1dd6a9e4cd6c383043
-
SHA1
98a9f8f9bd5c325c813e63f5596b6b84f9e32b72
-
SHA256
7cd1d198a0f047e3bebec1c1fbff331218f7c132f20a49413ee2048446808e2e
-
SHA512
28e5c1cc7f722b37f448fc1610fcab241a683bba147a27e5e3911d7b4a24fd710d41366469ffe2c824b7c5d9db9a545176f782328faee41e0336f205b941fd47
-
SSDEEP
3072:ui08qSCLfDE6VODGTk2Uu5Slpe2xrB7nn2igJfIV5yHQMHt:WvSCLfDfIGFUiUpeM4J0ywMHt
Malware Config
Signatures
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes:
CheatDetector.exepid process 2116 CheatDetector.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
CheatDetector.exepid process 2116 CheatDetector.exe 2116 CheatDetector.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
CheatDetector.exepid process 2116 CheatDetector.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
CheatDetector.exedescription pid process Token: SeDebugPrivilege 2116 CheatDetector.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
CheatDetector.exedescription pid process target process PID 2116 wrote to memory of 2188 2116 CheatDetector.exe CheatDetector.exe PID 2116 wrote to memory of 2188 2116 CheatDetector.exe CheatDetector.exe PID 2116 wrote to memory of 2188 2116 CheatDetector.exe CheatDetector.exe PID 2116 wrote to memory of 2188 2116 CheatDetector.exe CheatDetector.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SS Tool [Extract]\Applications\CheatDetector.exe"C:\Users\Admin\AppData\Local\Temp\SS Tool [Extract]\Applications\CheatDetector.exe"1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Users\Admin\AppData\Local\Temp\SS Tool [Extract]\Applications\CheatDetector.exe"C:\Users\Admin\AppData\Local\Temp\SS Tool [Extract]\Applications\CheatDetector.exe"2⤵PID:2188