b13f23643fddce3f41b6908a00051b6688788668c81d698994c140bf6290c2d6

Analysis

max time kernel
69s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ValorantExternalFree_[unknowncheats.me]_ (2).exe
Size

808KB
MD5

4ac882ebdbc1431cdd3ab45e1712ada1
SHA1

b871304fd060b700fd66ce0c87014ec955d12979
SHA256

b13f23643fddce3f41b6908a00051b6688788668c81d698994c140bf6290c2d6
SHA512

f3ff8d00849289436b723bc48c14113e51b583955d7f69870458d7b7d72ba214ad531d601a950b247f43325a610fd15cd6584008fd842a29c1dd0804ee2e6f98
SSDEEP

24576:65MOrT+F0sIE9JqsC6mVFyCsffzMS6pcsP9Qtce0TBs/lPsoCyEbDb7Br5oANn90:+bjnS

Score

8^/10

persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PVqSUwfnXqnCXDvrULRN\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\PVqSUwfnXqnCXDvrULRN"	ValorantExternalFree_[unknowncheats.me]_ (2).exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 4036	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	86
PID 2244 wrote to memory of 4036	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	86
PID 2244 wrote to memory of 1580	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	95
PID 2244 wrote to memory of 1580	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	95
PID 2244 wrote to memory of 1044	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	97
PID 2244 wrote to memory of 1044	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	97
PID 2244 wrote to memory of 5080	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	98
PID 2244 wrote to memory of 5080	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	98
PID 2244 wrote to memory of 3048	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	99
PID 2244 wrote to memory of 3048	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	99
PID 2244 wrote to memory of 2992	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	102
PID 2244 wrote to memory of 2992	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	102
PID 2244 wrote to memory of 1260	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	103
PID 2244 wrote to memory of 1260	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	103
PID 2244 wrote to memory of 4624	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	104
PID 2244 wrote to memory of 4624	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	104
PID 2244 wrote to memory of 652	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	105
PID 2244 wrote to memory of 652	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	105
PID 2244 wrote to memory of 704	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	106
PID 2244 wrote to memory of 704	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	106
PID 2244 wrote to memory of 2288	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	107
PID 2244 wrote to memory of 2288	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	107
PID 2244 wrote to memory of 1432	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	108
PID 2244 wrote to memory of 1432	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	108
PID 2244 wrote to memory of 4248	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	109
PID 2244 wrote to memory of 4248	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	109
PID 2244 wrote to memory of 3652	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	110
PID 2244 wrote to memory of 3652	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	110
PID 2244 wrote to memory of 1780	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	111
PID 2244 wrote to memory of 1780	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	111
PID 2244 wrote to memory of 3412	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	112
PID 2244 wrote to memory of 3412	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	112
PID 2244 wrote to memory of 3932	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	113
PID 2244 wrote to memory of 3932	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	113
PID 2244 wrote to memory of 4704	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	115
PID 2244 wrote to memory of 4704	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	115
PID 2244 wrote to memory of 2636	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	116
PID 2244 wrote to memory of 2636	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	116
PID 2244 wrote to memory of 3492	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	118
PID 2244 wrote to memory of 3492	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	118
PID 2244 wrote to memory of 5100	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	119
PID 2244 wrote to memory of 5100	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	119
PID 2244 wrote to memory of 2256	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	121
PID 2244 wrote to memory of 2256	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	121
PID 2244 wrote to memory of 4540	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	122
PID 2244 wrote to memory of 4540	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	122
PID 2244 wrote to memory of 2768	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	123
PID 2244 wrote to memory of 2768	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	123
PID 2244 wrote to memory of 4208	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	124
PID 2244 wrote to memory of 4208	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	124
PID 2244 wrote to memory of 536	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	125
PID 2244 wrote to memory of 536	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	125
PID 2244 wrote to memory of 3848	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	126
PID 2244 wrote to memory of 3848	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	126
PID 2244 wrote to memory of 2784	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	127
PID 2244 wrote to memory of 2784	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	127
PID 2244 wrote to memory of 3656	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	128
PID 2244 wrote to memory of 3656	2244	ValorantExternalFree_[unknowncheats.me]_ (2).exe	128

C:\Users\Admin\AppData\Local\Temp\ValorantExternalFree_[unknowncheats.me]_ (2).exe
"C:\Users\Admin\AppData\Local\Temp\ValorantExternalFree_[unknowncheats.me]_ (2).exe"
1⤵
- Sets service image path in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads