6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3

Analysis

max time kernel
141s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheatEngine74.exe
Size

3.2MB
MD5

32e0a8e898a4aef3abe2c5c26d2570fb
SHA1

0c56076f2d4d905a08dc2e8c85a6fd4d184a0846
SHA256

6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3
SHA512

1cec6e1dd8eaea6bfc00c48403d3263db6a54d4012b87666da5ac2f83748ef9102ed97c026e185d3c8cc0342c8feafd0a27442dfc19d6d37b69a9d91168ab97d
SSDEEP

98304:kSiH4opH4opH4opuE9vBuRes1EdKKBEXJhJj:EDBDBDlaezKKB2R

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4028	CheatEngine74.tmp

Loads dropped DLL 3 IoCs

pid	Process
4028	CheatEngine74.tmp
4028	CheatEngine74.tmp
4028	CheatEngine74.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4028	CheatEngine74.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 4028	372	CheatEngine74.exe	82
PID 372 wrote to memory of 4028	372	CheatEngine74.exe	82
PID 372 wrote to memory of 4028	372	CheatEngine74.exe	82

C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe
"C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Users\Admin\AppData\Local\Temp\is-FCOHU.tmp\CheatEngine74.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FCOHU.tmp\CheatEngine74.tmp" /SL5="$701E4,2408085,845312,C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-BKHP9.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BKHP9.tmp\loader.gif

Filesize
10KB

MD5
12d7fd91a06cee2d0e76abe0485036ee

SHA1
2bf1f86cc5f66401876d4e0e68af8181da9366ac

SHA256
a6192b9a3fa5db9917aef72d651b7ad8fd8ccb9b53f3ad99d7c46701d00c78cb

SHA512
17ab033d3518bd6d567f7185a3f1185410669062d5ec0a0b046a3a9e8a82ee8f8adb90b806542c5892fc1c01dd3397ea485ebc86e4d398f754c40daf3c333edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BKHP9.tmp\logo.png

Filesize
258KB

MD5
6b7cb2a5a8b301c788c3792802696fe8

SHA1
da93950273b0c256dab64bb3bb755ac7c14f17f3

SHA256
3eed2e41bc6ca0ae9a5d5ee6d57ca727e5cba6ac8e8c5234ac661f9080cedadf

SHA512
4183dbb8fd7de5fd5526a79b62e77fc30b8d1ec34ebaa3793b4f28beb36124084533e08b595f77305522bc847edfed1f9388c0d2ece66e6ac8acb7049b48ee86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BKHP9.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FCOHU.tmp\CheatEngine74.tmp

Filesize
2.9MB

MD5
9858749c3a44de91503ba1124f98a4f0

SHA1
9e871a2a692fe7fa03cbd2b958a48eee9a694758

SHA256
058a000842e85dbf501d6fc76fa4a73e13b31102367d06d459c8ba8e7e91a201

SHA512
85c8f861cca5adee81d8707627ca008821993c19be35ed86372bd50457ed194d11138e9e34e3e527ef4253857eac372eedd0d7a511ae11927be36eefe39c5dc4

Download Submit
memory/372-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/372-19-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/372-0-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/4028-20-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/4028-31-0x0000000006090000-0x000000000609F000-memory.dmp

Filesize
60KB

Download
memory/4028-22-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/4028-6-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/4028-39-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/4028-40-0x0000000006090000-0x000000000609F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads