d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92

Resubmissions

05/09/2024, 12:39 UTC

240905-pvllda1hng 3

05/09/2024, 12:36 UTC

240905-ps3f4s1brr 3

05/09/2024, 12:34 UTC

240905-pr2s7a1bqj 3

Analysis

max time kernel
148s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 12:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ValorantExternalFreeV2.exe
Size

760KB
MD5

3572e8f5169c964868abf3cc454963a6
SHA1

f914847166f2186ccab7b5ecd73b6050e98a5834
SHA256

d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92
SHA512

a8eac5afd952ac9d529b038de8f4326422962b2d417cf4e42ae3b95ad9a13c7be96e6f2ae141b5ffd5951b4827729cfb75d719abcc74544aae1f82f1b127cecc
SSDEEP

12288:P5MOHLT+F0sIE9JUzsC6mVFyCsffzMR6pncsP9Qtce0TBs/lPsoCyIWXrSX3fYhx:P5MOrT+F0sIE9JqsC6mVFyCsffzMR6pK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe
2100	ValorantExternalFreeV2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3244	AUDIODG.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 5016	2100	ValorantExternalFreeV2.exe	84
PID 2100 wrote to memory of 5016	2100	ValorantExternalFreeV2.exe	84
PID 2100 wrote to memory of 2720	2100	ValorantExternalFreeV2.exe	92
PID 2100 wrote to memory of 2720	2100	ValorantExternalFreeV2.exe	92
PID 2100 wrote to memory of 1232	2100	ValorantExternalFreeV2.exe	93
PID 2100 wrote to memory of 1232	2100	ValorantExternalFreeV2.exe	93
PID 2100 wrote to memory of 1528	2100	ValorantExternalFreeV2.exe	95
PID 2100 wrote to memory of 1528	2100	ValorantExternalFreeV2.exe	95
PID 2100 wrote to memory of 2204	2100	ValorantExternalFreeV2.exe	96
PID 2100 wrote to memory of 2204	2100	ValorantExternalFreeV2.exe	96
PID 2100 wrote to memory of 1696	2100	ValorantExternalFreeV2.exe	100
PID 2100 wrote to memory of 1696	2100	ValorantExternalFreeV2.exe	100
PID 2100 wrote to memory of 5116	2100	ValorantExternalFreeV2.exe	104
PID 2100 wrote to memory of 5116	2100	ValorantExternalFreeV2.exe	104
PID 2100 wrote to memory of 2548	2100	ValorantExternalFreeV2.exe	105
PID 2100 wrote to memory of 2548	2100	ValorantExternalFreeV2.exe	105
PID 2100 wrote to memory of 3780	2100	ValorantExternalFreeV2.exe	106
PID 2100 wrote to memory of 3780	2100	ValorantExternalFreeV2.exe	106
PID 2100 wrote to memory of 364	2100	ValorantExternalFreeV2.exe	107
PID 2100 wrote to memory of 364	2100	ValorantExternalFreeV2.exe	107
PID 2100 wrote to memory of 3392	2100	ValorantExternalFreeV2.exe	108
PID 2100 wrote to memory of 3392	2100	ValorantExternalFreeV2.exe	108
PID 2100 wrote to memory of 968	2100	ValorantExternalFreeV2.exe	109
PID 2100 wrote to memory of 968	2100	ValorantExternalFreeV2.exe	109
PID 2100 wrote to memory of 2080	2100	ValorantExternalFreeV2.exe	110
PID 2100 wrote to memory of 2080	2100	ValorantExternalFreeV2.exe	110
PID 2100 wrote to memory of 4516	2100	ValorantExternalFreeV2.exe	111
PID 2100 wrote to memory of 4516	2100	ValorantExternalFreeV2.exe	111
PID 2100 wrote to memory of 4576	2100	ValorantExternalFreeV2.exe	112
PID 2100 wrote to memory of 4576	2100	ValorantExternalFreeV2.exe	112
PID 2100 wrote to memory of 4344	2100	ValorantExternalFreeV2.exe	113
PID 2100 wrote to memory of 4344	2100	ValorantExternalFreeV2.exe	113
PID 2100 wrote to memory of 464	2100	ValorantExternalFreeV2.exe	114
PID 2100 wrote to memory of 464	2100	ValorantExternalFreeV2.exe	114
PID 2100 wrote to memory of 2844	2100	ValorantExternalFreeV2.exe	115
PID 2100 wrote to memory of 2844	2100	ValorantExternalFreeV2.exe	115
PID 2100 wrote to memory of 3688	2100	ValorantExternalFreeV2.exe	116
PID 2100 wrote to memory of 3688	2100	ValorantExternalFreeV2.exe	116
PID 2100 wrote to memory of 2752	2100	ValorantExternalFreeV2.exe	117
PID 2100 wrote to memory of 2752	2100	ValorantExternalFreeV2.exe	117
PID 2100 wrote to memory of 2624	2100	ValorantExternalFreeV2.exe	118
PID 2100 wrote to memory of 2624	2100	ValorantExternalFreeV2.exe	118
PID 2100 wrote to memory of 264	2100	ValorantExternalFreeV2.exe	119
PID 2100 wrote to memory of 264	2100	ValorantExternalFreeV2.exe	119
PID 2100 wrote to memory of 4448	2100	ValorantExternalFreeV2.exe	120
PID 2100 wrote to memory of 4448	2100	ValorantExternalFreeV2.exe	120
PID 2100 wrote to memory of 4444	2100	ValorantExternalFreeV2.exe	121
PID 2100 wrote to memory of 4444	2100	ValorantExternalFreeV2.exe	121
PID 2100 wrote to memory of 5016	2100	ValorantExternalFreeV2.exe	122
PID 2100 wrote to memory of 5016	2100	ValorantExternalFreeV2.exe	122
PID 2100 wrote to memory of 5056	2100	ValorantExternalFreeV2.exe	123
PID 2100 wrote to memory of 5056	2100	ValorantExternalFreeV2.exe	123
PID 2100 wrote to memory of 2452	2100	ValorantExternalFreeV2.exe	124
PID 2100 wrote to memory of 2452	2100	ValorantExternalFreeV2.exe	124
PID 2100 wrote to memory of 3716	2100	ValorantExternalFreeV2.exe	125
PID 2100 wrote to memory of 3716	2100	ValorantExternalFreeV2.exe	125
PID 2100 wrote to memory of 1088	2100	ValorantExternalFreeV2.exe	126
PID 2100 wrote to memory of 1088	2100	ValorantExternalFreeV2.exe	126
PID 2100 wrote to memory of 1508	2100	ValorantExternalFreeV2.exe	127
PID 2100 wrote to memory of 1508	2100	ValorantExternalFreeV2.exe	127
PID 2100 wrote to memory of 1180	2100	ValorantExternalFreeV2.exe	128
PID 2100 wrote to memory of 1180	2100	ValorantExternalFreeV2.exe	128
PID 2100 wrote to memory of 2720	2100	ValorantExternalFreeV2.exe	129
PID 2100 wrote to memory of 2720	2100	ValorantExternalFreeV2.exe	129

C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3244

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.