Overview
overview
5Static
static
3Steam chea...ok.dll
windows7-x64
1Steam chea...ok.dll
windows10-2004-x64
1Steam chea...64.dll
windows7-x64
1Steam chea...64.dll
windows10-2004-x64
1Steam chea...ok.dll
windows7-x64
1Steam chea...ok.dll
windows10-2004-x64
1Steam chea...64.dll
windows7-x64
1Steam chea...64.dll
windows10-2004-x64
1Steam chea...CE.exe
windows7-x64
5Steam chea...CE.exe
windows10-2004-x64
5Steam chea...PS.exe
windows7-x64
1Steam chea...PS.exe
windows10-2004-x64
1Steam chea...oup.js
windows7-x64
3Steam chea...oup.js
windows10-2004-x64
3Steam chea...ace.js
windows7-x64
3Steam chea...ace.js
windows10-2004-x64
3Steam chea...nfo.js
windows7-x64
3Steam chea...nfo.js
windows10-2004-x64
3Steam chea...rch.js
windows7-x64
3Steam chea...rch.js
windows10-2004-x64
3Steam chea...log.js
windows7-x64
3Steam chea...log.js
windows10-2004-x64
3Steam chea...ols.js
windows7-x64
3Steam chea...ols.js
windows10-2004-x64
3Steam chea...ave.js
windows7-x64
3Steam chea...ave.js
windows10-2004-x64
3Steam chea...yce.js
windows7-x64
3Steam chea...yce.js
windows10-2004-x64
3Steam chea...ian.js
windows7-x64
3Steam chea...ian.js
windows10-2004-x64
3Steam chea...are.js
windows7-x64
3Steam chea...are.js
windows10-2004-x64
3Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
29-05-2024 23:33
Static task
static1
Behavioral task
behavioral1
Sample
Steam cheat engine/Files cheat/CED3D10Hook.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Steam cheat engine/Files cheat/CED3D10Hook.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Steam cheat engine/Files cheat/CED3D10Hook64.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
Steam cheat engine/Files cheat/CED3D10Hook64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Steam cheat engine/Files cheat/CED3D11Hook.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
Steam cheat engine/Files cheat/CED3D11Hook.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Steam cheat engine/Files cheat/CED3D11Hook64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Steam cheat engine/Files cheat/CED3D11Hook64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Steam cheat engine/Files cheat/Steam CE.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
Steam cheat engine/Files cheat/Steam CE.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Steam cheat engine/Files cheat/Steam FPS.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral12
Sample
Steam cheat engine/Files cheat/Steam FPS.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Steam cheat engine/Files cheat/autorun/AddToNewGroup.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Steam cheat engine/Files cheat/autorun/AddToNewGroup.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Steam cheat engine/Files cheat/autorun/DotNetInterface.js
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
Steam cheat engine/Files cheat/autorun/DotNetInterface.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Steam cheat engine/Files cheat/autorun/JavaInfo.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
Steam cheat engine/Files cheat/autorun/JavaInfo.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Steam cheat engine/Files cheat/autorun/JavaSearch.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Steam cheat engine/Files cheat/autorun/JavaSearch.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Steam cheat engine/Files cheat/autorun/MethodInvokeDialog.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral22
Sample
Steam cheat engine/Files cheat/autorun/MethodInvokeDialog.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Steam cheat engine/Files cheat/autorun/andtools.js
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral24
Sample
Steam cheat engine/Files cheat/autorun/andtools.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Steam cheat engine/Files cheat/autorun/autosave.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
Steam cheat engine/Files cheat/autorun/autosave.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Steam cheat engine/Files cheat/autorun/babyce.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
Steam cheat engine/Files cheat/autorun/babyce.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Steam cheat engine/Files cheat/autorun/bigendian.js
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral30
Sample
Steam cheat engine/Files cheat/autorun/bigendian.js
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Steam cheat engine/Files cheat/autorun/ceshare.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
Steam cheat engine/Files cheat/autorun/ceshare.js
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
Steam cheat engine/Files cheat/Steam CE.exe
-
Size
16.1MB
-
MD5
4646ce6163658aa1c8500d517775859e
-
SHA1
2d3498cbf0a8ce5992909f87c86320f9278546f5
-
SHA256
94435a79f66c55efaf942263a0318d11fd4c689b7a4f52386712f2a328677b76
-
SHA512
740110a93e1c7e303f82a437ce44dd69ba4610facd208e8ec1387fdee88310265faf56815dcd8deabebcecaf8a8b951b9f9ef1ca02c8a6a972858c3039a9cfe1
-
SSDEEP
393216:C3Z8A06vEQ3ITvzx46SxiILGREuV3WjI8O:C3ZIzx46YNL6WEZ
Malware Config
Signatures
-
Drops file in System32 directory 52 IoCs
description ioc Process File opened for modification C:\Windows\system32\comdlg32.dll Steam CE.exe File opened for modification C:\Windows\system32\hhctrl.ocx Steam CE.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll Steam CE.exe File opened for modification C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL Steam CE.exe File opened for modification C:\Windows\system32\CRYPTBASE.dll Steam CE.exe File opened for modification C:\Windows\system32\shell32.dll Steam CE.exe File opened for modification C:\Windows\system32\SHLWAPI.dll Steam CE.exe File opened for modification C:\Windows\system32\DDRAW.dll Steam CE.exe File opened for modification C:\Windows\system32\imm32.dll Steam CE.exe File opened for modification C:\Windows\system32\MSCTF.dll Steam CE.exe File opened for modification C:\Windows\system32\RPCRT4.dll Steam CE.exe File opened for modification C:\Windows\system32\dwmapi.dll Steam CE.exe File opened for modification C:\Windows\system32\opengl32.dll Steam CE.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll Steam CE.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll Steam CE.exe File opened for modification C:\Windows\system32\DUI70.dll Steam CE.exe File opened for modification C:\Windows\system32\DCIMAN32.dll Steam CE.exe File opened for modification C:\Windows\system32\uxtheme.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\ntdll.dll Steam CE.exe File opened for modification C:\Windows\system32\IconCodecService.dll Steam CE.exe File opened for modification C:\Windows\system32\GDI32.dll Steam CE.exe File opened for modification C:\Windows\system32\winmm.dll Steam CE.exe File opened for modification C:\Windows\system32\CLBCatQ.DLL Steam CE.exe File opened for modification C:\Windows\system32\psapi.dll Steam CE.exe File opened for modification C:\Windows\system32\USP10.dll Steam CE.exe File opened for modification C:\Windows\system32\CFGMGR32.dll Steam CE.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll Steam CE.exe File opened for modification C:\Windows\system32\advapi32.dll Steam CE.exe File opened for modification C:\Windows\system32\oleaut32.dll Steam CE.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll Steam CE.exe File opened for modification C:\Windows\system32\iertutil.dll Steam CE.exe File opened for modification C:\Windows\system32\LPK.dll Steam CE.exe File opened for modification C:\Windows\system32\SETUPAPI.dll Steam CE.exe File opened for modification C:\Windows\system32\wsock32.dll Steam CE.exe File opened for modification C:\Windows\system32\wininet.dll Steam CE.exe File opened for modification C:\Windows\system32\normaliz.DLL Steam CE.exe File opened for modification C:\Windows\system32\WindowsCodecs.dll Steam CE.exe File opened for modification C:\Windows\SYSTEM32\sechost.dll Steam CE.exe File opened for modification C:\Windows\system32\version.dll Steam CE.exe File opened for modification C:\Windows\system32\NSI.dll Steam CE.exe File opened for modification C:\Windows\system32\DUser.dll Steam CE.exe File opened for modification C:\Windows\system32\propsys.dll Steam CE.exe File opened for modification C:\Windows\system32\msvcrt.dll Steam CE.exe File opened for modification C:\Windows\system32\USER32.dll Steam CE.exe File opened for modification C:\Windows\system32\GLU32.dll Steam CE.exe File opened for modification C:\Windows\system32\DEVOBJ.dll Steam CE.exe File opened for modification C:\Windows\system32\ws2_32.dll Steam CE.exe File opened for modification C:\Windows\system32\kernel32.dll Steam CE.exe File opened for modification C:\Windows\system32\KERNELBASE.dll Steam CE.exe File opened for modification C:\Windows\system32\ole32.dll Steam CE.exe File opened for modification C:\Windows\system32\msimg32.dll Steam CE.exe File opened for modification C:\Windows\system32\explorerframe.dll Steam CE.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll Steam CE.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2176 Steam CE.exe 2176 Steam CE.exe -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 2176 Steam CE.exe Token: SeTcbPrivilege 2176 Steam CE.exe Token: SeTcbPrivilege 2176 Steam CE.exe Token: SeLoadDriverPrivilege 2176 Steam CE.exe Token: SeCreateGlobalPrivilege 2176 Steam CE.exe Token: SeLockMemoryPrivilege 2176 Steam CE.exe Token: 33 2176 Steam CE.exe Token: SeSecurityPrivilege 2176 Steam CE.exe Token: SeTakeOwnershipPrivilege 2176 Steam CE.exe Token: SeManageVolumePrivilege 2176 Steam CE.exe Token: SeBackupPrivilege 2176 Steam CE.exe Token: SeCreatePagefilePrivilege 2176 Steam CE.exe Token: SeShutdownPrivilege 2176 Steam CE.exe Token: SeRestorePrivilege 2176 Steam CE.exe Token: 33 2176 Steam CE.exe Token: SeIncBasePriorityPrivilege 2176 Steam CE.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2176 Steam CE.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Steam cheat engine\Files cheat\Steam CE.exe"C:\Users\Admin\AppData\Local\Temp\Steam cheat engine\Files cheat\Steam CE.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2176