Overview
overview
3Static
static
3Valorant R...22.dll
windows10-2004-x64
1Valorant R...II.dll
windows10-2004-x64
1Valorant R...M7.dll
windows10-2004-x64
1Valorant R...pi.dll
windows10-2004-x64
1Valorant R...rm.cmd
windows7-x64
1Valorant R...rm.cmd
windows10-2004-x64
1Valorant R...rm.cmd
windows7-x64
1Valorant R...rm.cmd
windows10-2004-x64
1Valorant R...rm.cmd
windows7-x64
1Valorant R...rm.cmd
windows10-2004-x64
1Valorant R...rm.cmd
windows7-x64
1Valorant R...rm.cmd
windows10-2004-x64
1Valorant R...rm.cmd
windows7-x64
1Valorant R...rm.cmd
windows10-2004-x64
1Valorant R...ds.dll
windows10-2004-x64
1Valorant R...eg.dll
windows10-2004-x64
1Valorant R...ui.dll
windows10-2004-x64
1Valorant R...32.dll
windows10-2004-x64
1Valorant R...er.dll
windows7-x64
1Valorant R...er.dll
windows10-2004-x64
1Valorant R...er.dll
windows7-x64
1Valorant R...er.dll
windows10-2004-x64
1Valorant R...er.dll
windows7-x64
1Valorant R...er.dll
windows10-2004-x64
1Valorant R...er.dll
windows10-2004-x64
1Valorant R...dr.dll
windows10-2004-x64
1Valorant R...ps.dll
windows10-2004-x64
1Valorant R...m.html
windows7-x64
3Valorant R...m.html
windows10-2004-x64
3Valorant R...47.dll
windows10-2004-x64
3Valorant R...eg.dll
windows7-x64
3Valorant R...eg.dll
windows10-2004-x64
3Resubmissions
08/08/2024, 03:56
240808-ehkhfashla 3Analysis
-
max time kernel
119s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
08/08/2024, 03:56
Behavioral task
behavioral1
Sample
Valorant Root TBR12.045/Boot/C_IS2022.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
Valorant Root TBR12.045/Boot/C_ISCII.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Valorant Root TBR12.045/Boot/c_GSM7.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
Valorant Root TBR12.045/Boot/cabapi.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Valorant Root TBR12.045/Config/Tools/Combat/winrm.cmd
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
Valorant Root TBR12.045/Config/Tools/Combat/winrm.cmd
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Valorant Root TBR12.045/Config/Tools/Fix/winrm.cmd
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral8
Sample
Valorant Root TBR12.045/Config/Tools/Fix/winrm.cmd
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Valorant Root TBR12.045/Config/Tools/Replace/winrm.cmd
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
Valorant Root TBR12.045/Config/Tools/Replace/winrm.cmd
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Valorant Root TBR12.045/Config/Tools/Sources/winrm.cmd
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
Valorant Root TBR12.045/Config/Tools/Sources/winrm.cmd
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Valorant Root TBR12.045/Config/Tools/winrm.cmd
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral14
Sample
Valorant Root TBR12.045/Config/Tools/winrm.cmd
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Valorant Root TBR12.045/Config/xwizards.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Valorant Root TBR12.045/Config/xwreg.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Valorant Root TBR12.045/Config/xwtpdui.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Valorant Root TBR12.045/Config/xwtpw32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Valorant Root TBR12.045/Config/ze_loader.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
Valorant Root TBR12.045/Config/ze_loader.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Valorant Root TBR12.045/Config/ze_tracing_layer.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
Valorant Root TBR12.045/Config/ze_tracing_layer.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Valorant Root TBR12.045/Config/ze_validation_layer.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
Valorant Root TBR12.045/Config/ze_validation_layer.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Valorant Root TBR12.045/Config/zipcontainer.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Valorant Root TBR12.045/Config/zipfldr.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Valorant Root TBR12.045/Config/ztrace_maps.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
Valorant Root TBR12.045/Resources/LICENSES.chromium.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral29
Sample
Valorant Root TBR12.045/Resources/LICENSES.chromium.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
Valorant Root TBR12.045/Resources/d3dcompiler_47.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Valorant Root TBR12.045/Resources/ffmpeg.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
Valorant Root TBR12.045/Resources/ffmpeg.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
Valorant Root TBR12.045/Config/Tools/Sources/winrm.cmd
-
Size
33B
-
MD5
f80eef72983614db418a0c1fae21ebc1
-
SHA1
1e741199065307b6fe1f820f20e68ea99877a008
-
SHA256
8323d52f2ff69fedf02ab6238e9e3319d091e47a13afd17ed0300aad0c0a881e
-
SHA512
28e7a256e36fb550f7b49d427162bd18db84ea6c8dbec637f8d50aec086a5522bbb2c5338b669fa80a5d82ba8094d3b815c97fa6fc9513774bba88c1b2aa94f2
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2688 wrote to memory of 2680 2688 cmd.exe 31 PID 2688 wrote to memory of 2680 2688 cmd.exe 31 PID 2688 wrote to memory of 2680 2688 cmd.exe 31
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Valorant Root TBR12.045\Config\Tools\Sources\winrm.cmd"1⤵
- Suspicious use of WriteProcessMemory
PID:2688 -
C:\Windows\system32\cscript.execscript //nologo "C:\Users\Admin\AppData\Local\Temp\Valorant Root TBR12.045\Config\Tools\Sources\winrm.vbs"2⤵PID:2680
-