d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92

Resubmissions

05/09/2024, 12:39

240905-pvllda1hng 3

05/09/2024, 12:36

240905-ps3f4s1brr 3

05/09/2024, 12:34

240905-pr2s7a1bqj 3

Analysis

max time kernel
84s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/09/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ValorantExternalFreeV2.exe
Size

760KB
MD5

3572e8f5169c964868abf3cc454963a6
SHA1

f914847166f2186ccab7b5ecd73b6050e98a5834
SHA256

d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92
SHA512

a8eac5afd952ac9d529b038de8f4326422962b2d417cf4e42ae3b95ad9a13c7be96e6f2ae141b5ffd5951b4827729cfb75d719abcc74544aae1f82f1b127cecc
SSDEEP

12288:P5MOHLT+F0sIE9JUzsC6mVFyCsffzMR6pncsP9Qtce0TBs/lPsoCyIWXrSX3fYhx:P5MOrT+F0sIE9JqsC6mVFyCsffzMR6pK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1848	AUDIODG.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1712	4860	ValorantExternalFreeV2.exe	81
PID 4860 wrote to memory of 1712	4860	ValorantExternalFreeV2.exe	81
PID 4860 wrote to memory of 4488	4860	ValorantExternalFreeV2.exe	84
PID 4860 wrote to memory of 4488	4860	ValorantExternalFreeV2.exe	84
PID 4860 wrote to memory of 1624	4860	ValorantExternalFreeV2.exe	85
PID 4860 wrote to memory of 1624	4860	ValorantExternalFreeV2.exe	85
PID 4860 wrote to memory of 924	4860	ValorantExternalFreeV2.exe	86
PID 4860 wrote to memory of 924	4860	ValorantExternalFreeV2.exe	86
PID 4860 wrote to memory of 3632	4860	ValorantExternalFreeV2.exe	87
PID 4860 wrote to memory of 3632	4860	ValorantExternalFreeV2.exe	87
PID 4860 wrote to memory of 2788	4860	ValorantExternalFreeV2.exe	89
PID 4860 wrote to memory of 2788	4860	ValorantExternalFreeV2.exe	89
PID 4860 wrote to memory of 5100	4860	ValorantExternalFreeV2.exe	90
PID 4860 wrote to memory of 5100	4860	ValorantExternalFreeV2.exe	90
PID 4860 wrote to memory of 1584	4860	ValorantExternalFreeV2.exe	91
PID 4860 wrote to memory of 1584	4860	ValorantExternalFreeV2.exe	91
PID 4860 wrote to memory of 240	4860	ValorantExternalFreeV2.exe	92
PID 4860 wrote to memory of 240	4860	ValorantExternalFreeV2.exe	92
PID 4860 wrote to memory of 4232	4860	ValorantExternalFreeV2.exe	93
PID 4860 wrote to memory of 4232	4860	ValorantExternalFreeV2.exe	93
PID 4860 wrote to memory of 4896	4860	ValorantExternalFreeV2.exe	94
PID 4860 wrote to memory of 4896	4860	ValorantExternalFreeV2.exe	94
PID 4860 wrote to memory of 4736	4860	ValorantExternalFreeV2.exe	95
PID 4860 wrote to memory of 4736	4860	ValorantExternalFreeV2.exe	95
PID 4860 wrote to memory of 252	4860	ValorantExternalFreeV2.exe	96
PID 4860 wrote to memory of 252	4860	ValorantExternalFreeV2.exe	96
PID 4860 wrote to memory of 128	4860	ValorantExternalFreeV2.exe	97
PID 4860 wrote to memory of 128	4860	ValorantExternalFreeV2.exe	97
PID 4860 wrote to memory of 4740	4860	ValorantExternalFreeV2.exe	98
PID 4860 wrote to memory of 4740	4860	ValorantExternalFreeV2.exe	98
PID 4860 wrote to memory of 3608	4860	ValorantExternalFreeV2.exe	99
PID 4860 wrote to memory of 3608	4860	ValorantExternalFreeV2.exe	99
PID 4860 wrote to memory of 4852	4860	ValorantExternalFreeV2.exe	100
PID 4860 wrote to memory of 4852	4860	ValorantExternalFreeV2.exe	100
PID 4860 wrote to memory of 1032	4860	ValorantExternalFreeV2.exe	101
PID 4860 wrote to memory of 1032	4860	ValorantExternalFreeV2.exe	101
PID 4860 wrote to memory of 2876	4860	ValorantExternalFreeV2.exe	102
PID 4860 wrote to memory of 2876	4860	ValorantExternalFreeV2.exe	102
PID 4860 wrote to memory of 1868	4860	ValorantExternalFreeV2.exe	103
PID 4860 wrote to memory of 1868	4860	ValorantExternalFreeV2.exe	103
PID 4860 wrote to memory of 4520	4860	ValorantExternalFreeV2.exe	104
PID 4860 wrote to memory of 4520	4860	ValorantExternalFreeV2.exe	104
PID 4860 wrote to memory of 2584	4860	ValorantExternalFreeV2.exe	105
PID 4860 wrote to memory of 2584	4860	ValorantExternalFreeV2.exe	105
PID 4860 wrote to memory of 2180	4860	ValorantExternalFreeV2.exe	106
PID 4860 wrote to memory of 2180	4860	ValorantExternalFreeV2.exe	106
PID 4860 wrote to memory of 3088	4860	ValorantExternalFreeV2.exe	107
PID 4860 wrote to memory of 3088	4860	ValorantExternalFreeV2.exe	107
PID 4860 wrote to memory of 1620	4860	ValorantExternalFreeV2.exe	108
PID 4860 wrote to memory of 1620	4860	ValorantExternalFreeV2.exe	108
PID 4860 wrote to memory of 4024	4860	ValorantExternalFreeV2.exe	109
PID 4860 wrote to memory of 4024	4860	ValorantExternalFreeV2.exe	109
PID 4860 wrote to memory of 1200	4860	ValorantExternalFreeV2.exe	110
PID 4860 wrote to memory of 1200	4860	ValorantExternalFreeV2.exe	110
PID 4860 wrote to memory of 4804	4860	ValorantExternalFreeV2.exe	111
PID 4860 wrote to memory of 4804	4860	ValorantExternalFreeV2.exe	111
PID 4860 wrote to memory of 3852	4860	ValorantExternalFreeV2.exe	112
PID 4860 wrote to memory of 3852	4860	ValorantExternalFreeV2.exe	112
PID 4860 wrote to memory of 2460	4860	ValorantExternalFreeV2.exe	113
PID 4860 wrote to memory of 2460	4860	ValorantExternalFreeV2.exe	113
PID 4860 wrote to memory of 1256	4860	ValorantExternalFreeV2.exe	114
PID 4860 wrote to memory of 1256	4860	ValorantExternalFreeV2.exe	114
PID 4860 wrote to memory of 5056	4860	ValorantExternalFreeV2.exe	115
PID 4860 wrote to memory of 5056	4860	ValorantExternalFreeV2.exe	115

C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1848

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads