d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92

Resubmissions

05-09-2024 12:39

240905-pvllda1hng 3

05-09-2024 12:36

240905-ps3f4s1brr 3

05-09-2024 12:34

240905-pr2s7a1bqj 3

Analysis

max time kernel
79s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ValorantExternalFreeV2.exe
Size

760KB
MD5

3572e8f5169c964868abf3cc454963a6
SHA1

f914847166f2186ccab7b5ecd73b6050e98a5834
SHA256

d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92
SHA512

a8eac5afd952ac9d529b038de8f4326422962b2d417cf4e42ae3b95ad9a13c7be96e6f2ae141b5ffd5951b4827729cfb75d719abcc74544aae1f82f1b127cecc
SSDEEP

12288:P5MOHLT+F0sIE9JUzsC6mVFyCsffzMR6pncsP9Qtce0TBs/lPsoCyIWXrSX3fYhx:P5MOrT+F0sIE9JqsC6mVFyCsffzMR6pK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe
1596	ValorantExternalFreeV2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	276	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	276	AUDIODG.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 1572	1596	ValorantExternalFreeV2.exe	81
PID 1596 wrote to memory of 1572	1596	ValorantExternalFreeV2.exe	81
PID 1596 wrote to memory of 3204	1596	ValorantExternalFreeV2.exe	83
PID 1596 wrote to memory of 3204	1596	ValorantExternalFreeV2.exe	83
PID 1596 wrote to memory of 3804	1596	ValorantExternalFreeV2.exe	84
PID 1596 wrote to memory of 3804	1596	ValorantExternalFreeV2.exe	84
PID 1596 wrote to memory of 4140	1596	ValorantExternalFreeV2.exe	85
PID 1596 wrote to memory of 4140	1596	ValorantExternalFreeV2.exe	85
PID 1596 wrote to memory of 4780	1596	ValorantExternalFreeV2.exe	86
PID 1596 wrote to memory of 4780	1596	ValorantExternalFreeV2.exe	86
PID 1596 wrote to memory of 2884	1596	ValorantExternalFreeV2.exe	87
PID 1596 wrote to memory of 2884	1596	ValorantExternalFreeV2.exe	87
PID 1596 wrote to memory of 2556	1596	ValorantExternalFreeV2.exe	88
PID 1596 wrote to memory of 2556	1596	ValorantExternalFreeV2.exe	88
PID 1596 wrote to memory of 1524	1596	ValorantExternalFreeV2.exe	89
PID 1596 wrote to memory of 1524	1596	ValorantExternalFreeV2.exe	89
PID 1596 wrote to memory of 860	1596	ValorantExternalFreeV2.exe	90
PID 1596 wrote to memory of 860	1596	ValorantExternalFreeV2.exe	90
PID 1596 wrote to memory of 2084	1596	ValorantExternalFreeV2.exe	91
PID 1596 wrote to memory of 2084	1596	ValorantExternalFreeV2.exe	91
PID 1596 wrote to memory of 2312	1596	ValorantExternalFreeV2.exe	92
PID 1596 wrote to memory of 2312	1596	ValorantExternalFreeV2.exe	92
PID 1596 wrote to memory of 3872	1596	ValorantExternalFreeV2.exe	93
PID 1596 wrote to memory of 3872	1596	ValorantExternalFreeV2.exe	93
PID 1596 wrote to memory of 3876	1596	ValorantExternalFreeV2.exe	94
PID 1596 wrote to memory of 3876	1596	ValorantExternalFreeV2.exe	94
PID 1596 wrote to memory of 3136	1596	ValorantExternalFreeV2.exe	96
PID 1596 wrote to memory of 3136	1596	ValorantExternalFreeV2.exe	96
PID 1596 wrote to memory of 1004	1596	ValorantExternalFreeV2.exe	97
PID 1596 wrote to memory of 1004	1596	ValorantExternalFreeV2.exe	97
PID 1596 wrote to memory of 896	1596	ValorantExternalFreeV2.exe	98
PID 1596 wrote to memory of 896	1596	ValorantExternalFreeV2.exe	98
PID 1596 wrote to memory of 1796	1596	ValorantExternalFreeV2.exe	99
PID 1596 wrote to memory of 1796	1596	ValorantExternalFreeV2.exe	99
PID 1596 wrote to memory of 2200	1596	ValorantExternalFreeV2.exe	100
PID 1596 wrote to memory of 2200	1596	ValorantExternalFreeV2.exe	100
PID 1596 wrote to memory of 4672	1596	ValorantExternalFreeV2.exe	101
PID 1596 wrote to memory of 4672	1596	ValorantExternalFreeV2.exe	101
PID 1596 wrote to memory of 2800	1596	ValorantExternalFreeV2.exe	102
PID 1596 wrote to memory of 2800	1596	ValorantExternalFreeV2.exe	102
PID 1596 wrote to memory of 236	1596	ValorantExternalFreeV2.exe	103
PID 1596 wrote to memory of 236	1596	ValorantExternalFreeV2.exe	103
PID 1596 wrote to memory of 2356	1596	ValorantExternalFreeV2.exe	104
PID 1596 wrote to memory of 2356	1596	ValorantExternalFreeV2.exe	104
PID 1596 wrote to memory of 3516	1596	ValorantExternalFreeV2.exe	105
PID 1596 wrote to memory of 3516	1596	ValorantExternalFreeV2.exe	105
PID 1596 wrote to memory of 464	1596	ValorantExternalFreeV2.exe	106
PID 1596 wrote to memory of 464	1596	ValorantExternalFreeV2.exe	106
PID 1596 wrote to memory of 3168	1596	ValorantExternalFreeV2.exe	107
PID 1596 wrote to memory of 3168	1596	ValorantExternalFreeV2.exe	107
PID 1596 wrote to memory of 3468	1596	ValorantExternalFreeV2.exe	108
PID 1596 wrote to memory of 3468	1596	ValorantExternalFreeV2.exe	108
PID 1596 wrote to memory of 3232	1596	ValorantExternalFreeV2.exe	109
PID 1596 wrote to memory of 3232	1596	ValorantExternalFreeV2.exe	109
PID 1596 wrote to memory of 4372	1596	ValorantExternalFreeV2.exe	110
PID 1596 wrote to memory of 4372	1596	ValorantExternalFreeV2.exe	110
PID 1596 wrote to memory of 4188	1596	ValorantExternalFreeV2.exe	111
PID 1596 wrote to memory of 4188	1596	ValorantExternalFreeV2.exe	111
PID 1596 wrote to memory of 3216	1596	ValorantExternalFreeV2.exe	112
PID 1596 wrote to memory of 3216	1596	ValorantExternalFreeV2.exe	112
PID 1596 wrote to memory of 4024	1596	ValorantExternalFreeV2.exe	113
PID 1596 wrote to memory of 4024	1596	ValorantExternalFreeV2.exe	113
PID 1596 wrote to memory of 2336	1596	ValorantExternalFreeV2.exe	114
PID 1596 wrote to memory of 2336	1596	ValorantExternalFreeV2.exe	114

C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:276

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads