163eb26b7107ce46742e1314925e1adb3d76d69073e90ce99489101d1b925b56

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 07:27

Target

MultiCheat.exe
Size

23.8MB
MD5

5e9b2f4113efbe9596ec4c315a9c634e
SHA1

67213b6a2e5f321bb6ab2ca13afeadd387ac5b4b
SHA256

163eb26b7107ce46742e1314925e1adb3d76d69073e90ce99489101d1b925b56
SHA512

4802fcee0332fe8d99390086fc48dfabe7d97d70f65f2ecca2e601ed897deddb56e2d9768316ef203a5c9be4f889318c02bc7030250ba64ad6f59569ad72ebdc
SSDEEP

393216:mWvz+oRVcPketV0zL+9qz5fEnBSVkRIrY876h5oCk+7q334zz8vhkW8oW0Zo0ynU:Xz+oRGJ0P+9qdGzcY87q5S3G8veW8/qP

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2244	MultiCheat.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a485-1000.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 2244	1892	MultiCheat.exe	30
PID 1892 wrote to memory of 2244	1892	MultiCheat.exe	30
PID 1892 wrote to memory of 2244	1892	MultiCheat.exe	30

C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe
"C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe
  "C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe"
  2⤵
  - Loads dropped DLL
  PID:2244

C:\Users\Admin\AppData\Local\Temp\_MEI18922\python312.dll

Filesize
1.8MB

MD5
a8f7da4c7ad00df518d0f3554a162bb3

SHA1
a9747e7a4610c862b721761a8b14238310caeb05

SHA256
33ef217d13b774b18679996b0bb6c627120738580f0585b9f9a92a518274250d

SHA512
123fe1f4b2170503ffeccae39bfbfe057c054001156d6837582b4d5132ac5a93c85d7fc8e7e04cb32315c3ad5b2bff8ff0823519fdb59de89571b267d9b996ee

Download Submit
memory/2244-1002-0x000007FEF5380000-0x000007FEF5A58000-memory.dmp

Filesize
6.8MB

Download