Analysis
max time kernel: 140s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 16:53
Static task
static1
Behavioral task
behavioral1
Sample
CheatEngine74.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
CheatEngine74.exe
Resource
win10v2004-20240508-en
General
Target: CheatEngine74.exe
Size: 3.2MB
MD5: 32e0a8e898a4aef3abe2c5c26d2570fb
SHA1: 0c56076f2d4d905a08dc2e8c85a6fd4d184a0846
SHA256: 6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3
SHA512: 1cec6e1dd8eaea6bfc00c48403d3263db6a54d4012b87666da5ac2f83748ef9102ed97c026e185d3c8cc0342c8feafd0a27442dfc19d6d37b69a9d91168ab97d
SSDEEP: 98304:kSiH4opH4opH4opuE9vBuRes1EdKKBEXJhJj:EDBDBDlaezKKB2R
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
pid | Process
2724 | CheatEngine74.tmp
Loads dropped DLL (1 IoCs)
pid | Process
1736 | CheatEngine74.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
2724 | CheatEngine74.tmp
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
PID 1736 wrote to memory of 2724 | 1736 | CheatEngine74.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe"
  PID: 1736
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\is-OH1EA.tmp\CheatEngine74.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-OH1EA.tmp\CheatEngine74.tmp" /SL5="$30146,2408085,845312,C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe"
      PID: 2724
      - Executes dropped EXE
      - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.9MB
MD5: 9858749c3a44de91503ba1124f98a4f0
SHA1: 9e871a2a692fe7fa03cbd2b958a48eee9a694758
SHA256: 058a000842e85dbf501d6fc76fa4a73e13b31102367d06d459c8ba8e7e91a201
SHA512: 85c8f861cca5adee81d8707627ca008821993c19be35ed86372bd50457ed194d11138e9e34e3e527ef4253857eac372eedd0d7a511ae11927be36eefe39c5dc4