Overview
overview
5Static
static
3Steam chea...ok.dll
windows7-x64
1Steam chea...ok.dll
windows10-2004-x64
1Steam chea...64.dll
windows7-x64
1Steam chea...64.dll
windows10-2004-x64
1Steam chea...ok.dll
windows7-x64
1Steam chea...ok.dll
windows10-2004-x64
1Steam chea...64.dll
windows7-x64
1Steam chea...64.dll
windows10-2004-x64
1Steam chea...CE.exe
windows7-x64
5Steam chea...CE.exe
windows10-2004-x64
5Steam chea...PS.exe
windows7-x64
1Steam chea...PS.exe
windows10-2004-x64
1Steam chea...oup.js
windows7-x64
3Steam chea...oup.js
windows10-2004-x64
3Steam chea...ace.js
windows7-x64
3Steam chea...ace.js
windows10-2004-x64
3Steam chea...nfo.js
windows7-x64
3Steam chea...nfo.js
windows10-2004-x64
3Steam chea...rch.js
windows7-x64
3Steam chea...rch.js
windows10-2004-x64
3Steam chea...log.js
windows7-x64
3Steam chea...log.js
windows10-2004-x64
3Steam chea...ols.js
windows7-x64
3Steam chea...ols.js
windows10-2004-x64
3Steam chea...ave.js
windows7-x64
3Steam chea...ave.js
windows10-2004-x64
3Steam chea...yce.js
windows7-x64
3Steam chea...yce.js
windows10-2004-x64
3Steam chea...ian.js
windows7-x64
3Steam chea...ian.js
windows10-2004-x64
3Steam chea...are.js
windows7-x64
3Steam chea...are.js
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
29-05-2024 23:33
Static task
static1
Behavioral task
behavioral1
Sample
Steam cheat engine/Files cheat/CED3D10Hook.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Steam cheat engine/Files cheat/CED3D10Hook.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Steam cheat engine/Files cheat/CED3D10Hook64.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
Steam cheat engine/Files cheat/CED3D10Hook64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Steam cheat engine/Files cheat/CED3D11Hook.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
Steam cheat engine/Files cheat/CED3D11Hook.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Steam cheat engine/Files cheat/CED3D11Hook64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Steam cheat engine/Files cheat/CED3D11Hook64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Steam cheat engine/Files cheat/Steam CE.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
Steam cheat engine/Files cheat/Steam CE.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Steam cheat engine/Files cheat/Steam FPS.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral12
Sample
Steam cheat engine/Files cheat/Steam FPS.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Steam cheat engine/Files cheat/autorun/AddToNewGroup.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Steam cheat engine/Files cheat/autorun/AddToNewGroup.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Steam cheat engine/Files cheat/autorun/DotNetInterface.js
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
Steam cheat engine/Files cheat/autorun/DotNetInterface.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Steam cheat engine/Files cheat/autorun/JavaInfo.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
Steam cheat engine/Files cheat/autorun/JavaInfo.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Steam cheat engine/Files cheat/autorun/JavaSearch.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Steam cheat engine/Files cheat/autorun/JavaSearch.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Steam cheat engine/Files cheat/autorun/MethodInvokeDialog.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral22
Sample
Steam cheat engine/Files cheat/autorun/MethodInvokeDialog.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Steam cheat engine/Files cheat/autorun/andtools.js
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral24
Sample
Steam cheat engine/Files cheat/autorun/andtools.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Steam cheat engine/Files cheat/autorun/autosave.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
Steam cheat engine/Files cheat/autorun/autosave.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Steam cheat engine/Files cheat/autorun/babyce.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
Steam cheat engine/Files cheat/autorun/babyce.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Steam cheat engine/Files cheat/autorun/bigendian.js
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral30
Sample
Steam cheat engine/Files cheat/autorun/bigendian.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Steam cheat engine/Files cheat/autorun/ceshare.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
Steam cheat engine/Files cheat/autorun/ceshare.js
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
Steam cheat engine/Files cheat/Steam CE.exe
-
Size
16.1MB
-
MD5
4646ce6163658aa1c8500d517775859e
-
SHA1
2d3498cbf0a8ce5992909f87c86320f9278546f5
-
SHA256
94435a79f66c55efaf942263a0318d11fd4c689b7a4f52386712f2a328677b76
-
SHA512
740110a93e1c7e303f82a437ce44dd69ba4610facd208e8ec1387fdee88310265faf56815dcd8deabebcecaf8a8b951b9f9ef1ca02c8a6a972858c3039a9cfe1
-
SSDEEP
393216:C3Z8A06vEQ3ITvzx46SxiILGREuV3WjI8O:C3ZIzx46YNL6WEZ
Malware Config
Signatures
-
Drops file in System32 directory 43 IoCs
description ioc Process File opened for modification C:\Windows\System32\combase.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\msimg32.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\windows.storage.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\Wldp.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\PROPSYS.dll Steam CE.exe File opened for modification C:\Windows\System32\KERNEL32.DLL Steam CE.exe File opened for modification C:\Windows\System32\KERNELBASE.dll Steam CE.exe File opened for modification C:\Windows\System32\win32u.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\kernel.appcore.dll Steam CE.exe File opened for modification C:\Windows\system32\IconCodecService.dll Steam CE.exe File opened for modification C:\Windows\System32\msvcp_win.dll Steam CE.exe File opened for modification C:\Windows\System32\RPCRT4.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\wsock32.dll Steam CE.exe File opened for modification C:\Windows\system32\explorerframe.dll Steam CE.exe File opened for modification C:\Windows\System32\ucrtbase.dll Steam CE.exe File opened for modification C:\Windows\System32\user32.dll Steam CE.exe File opened for modification C:\Windows\System32\imm32.dll Steam CE.exe File opened for modification C:\Windows\System32\ws2_32.dll Steam CE.exe File opened for modification C:\Windows\System32\psapi.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\version.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\wininet.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\GLU32.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\WindowsCodecs.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\ntdll.dll Steam CE.exe File opened for modification C:\Windows\System32\GDI32.dll Steam CE.exe File opened for modification C:\Windows\System32\shcore.dll Steam CE.exe File opened for modification C:\Windows\System32\SHLWAPI.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\opengl32.dll Steam CE.exe File opened for modification C:\Windows\System32\clbcatq.dll Steam CE.exe File opened for modification C:\Windows\System32\bcrypt.dll Steam CE.exe File opened for modification C:\Windows\System32\gdi32full.dll Steam CE.exe File opened for modification C:\Windows\System32\comdlg32.dll Steam CE.exe File opened for modification C:\Windows\System32\sechost.dll Steam CE.exe File opened for modification C:\Windows\System32\shell32.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\hhctrl.ocx Steam CE.exe File opened for modification C:\Windows\System32\bcryptPrimitives.dll Steam CE.exe File opened for modification C:\Windows\System32\MSCTF.dll Steam CE.exe File opened for modification C:\Windows\System32\oleaut32.dll Steam CE.exe File opened for modification C:\Windows\System32\msvcrt.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\uxtheme.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\winmm.dll Steam CE.exe File opened for modification C:\Windows\System32\advapi32.dll Steam CE.exe File opened for modification C:\Windows\System32\ole32.dll Steam CE.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll Steam CE.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 544 Steam CE.exe 544 Steam CE.exe 544 Steam CE.exe 544 Steam CE.exe -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 544 Steam CE.exe Token: SeTcbPrivilege 544 Steam CE.exe Token: SeTcbPrivilege 544 Steam CE.exe Token: SeLoadDriverPrivilege 544 Steam CE.exe Token: SeCreateGlobalPrivilege 544 Steam CE.exe Token: SeLockMemoryPrivilege 544 Steam CE.exe Token: 33 544 Steam CE.exe Token: SeSecurityPrivilege 544 Steam CE.exe Token: SeTakeOwnershipPrivilege 544 Steam CE.exe Token: SeManageVolumePrivilege 544 Steam CE.exe Token: SeBackupPrivilege 544 Steam CE.exe Token: SeCreatePagefilePrivilege 544 Steam CE.exe Token: SeShutdownPrivilege 544 Steam CE.exe Token: SeRestorePrivilege 544 Steam CE.exe Token: 33 544 Steam CE.exe Token: SeIncBasePriorityPrivilege 544 Steam CE.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 544 Steam CE.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Steam cheat engine\Files cheat\Steam CE.exe"C:\Users\Admin\AppData\Local\Temp\Steam cheat engine\Files cheat\Steam CE.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:544