42b22cbbc8261f8366cfd4319432233c57778429bed67a30f18caf200a23ac27

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 18:36

Target

Vanity Cheats.exe
Size

76.7MB
MD5

75e8cafe9f0540b845191eae069b5612
SHA1

10e94c9a5d0280739d46df2a89955ae846fbc645
SHA256

410722f71307bdd6801c270eaa664b67c54c5c05e0c340ba3cd4c35d46b22416
SHA512

6d3ecf80278d97cca1ef06c20f5e3b7463cc5cc46f85f7710970a8bad880cec507f42633225478df72a1c02c203980c78e700f914e9941d3edfa2d96f7379091
SSDEEP

1572864:iHcRlPKh7vXSk8IpG7V+VPhqb+TTE7LlHTdiYweyJuCZUdgcMWhO2xL0skSr:iHcRghTSkB05awb+TYdmpudMgOLskSr

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1416	Vanity Cheats.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000400000001d39f-1247.dat	upx
behavioral1/memory/1416-1249-0x000007FEF5EF0000-0x000007FEF65C8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1416	2292	Vanity Cheats.exe	31
PID 2292 wrote to memory of 1416	2292	Vanity Cheats.exe	31
PID 2292 wrote to memory of 1416	2292	Vanity Cheats.exe	31

C:\Users\Admin\AppData\Local\Temp\Vanity Cheats.exe
"C:\Users\Admin\AppData\Local\Temp\Vanity Cheats.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\Vanity Cheats.exe
  "C:\Users\Admin\AppData\Local\Temp\Vanity Cheats.exe"
  2⤵
  - Loads dropped DLL
  PID:1416

C:\Users\Admin\AppData\Local\Temp\_MEI22922\python312.dll

Filesize
1.8MB

MD5
cfa2e5cdda9039831f12174573b20c7b

SHA1
c63a1ffd741a85e483fc01d6a2d0f7616b223291

SHA256
b93e682bddb5c3e2af1f0264e83fbc40481fe6abd90c3ab26e94f246c8ce8d7d

SHA512
f1ac568bd1a16d5ab2623ac42a83aed32d9867a0e016e0ac3c922f28ceb1bb7e114dab44553949008a6e2fd3bb67fc2be8fc283560d9f4b1f1552137a0c104aa

Download Submit
memory/1416-1249-0x000007FEF5EF0000-0x000007FEF65C8000-memory.dmp

Filesize
6.8MB

Download