d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92

Analysis

max time kernel
134s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/09/2024, 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ValorantExternalFreeV2.exe
Size

760KB
MD5

3572e8f5169c964868abf3cc454963a6
SHA1

f914847166f2186ccab7b5ecd73b6050e98a5834
SHA256

d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92
SHA512

a8eac5afd952ac9d529b038de8f4326422962b2d417cf4e42ae3b95ad9a13c7be96e6f2ae141b5ffd5951b4827729cfb75d719abcc74544aae1f82f1b127cecc
SSDEEP

12288:P5MOHLT+F0sIE9JUzsC6mVFyCsffzMR6pncsP9Qtce0TBs/lPsoCyIWXrSX3fYhx:P5MOrT+F0sIE9JqsC6mVFyCsffzMR6pK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe
1680	ValorantExternalFreeV2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3516	AUDIODG.EXE

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2808	1680	ValorantExternalFreeV2.exe	73
PID 1680 wrote to memory of 2808	1680	ValorantExternalFreeV2.exe	73
PID 1680 wrote to memory of 3500	1680	ValorantExternalFreeV2.exe	74
PID 1680 wrote to memory of 3500	1680	ValorantExternalFreeV2.exe	74
PID 1680 wrote to memory of 3048	1680	ValorantExternalFreeV2.exe	75
PID 1680 wrote to memory of 3048	1680	ValorantExternalFreeV2.exe	75
PID 1680 wrote to memory of 4572	1680	ValorantExternalFreeV2.exe	76
PID 1680 wrote to memory of 4572	1680	ValorantExternalFreeV2.exe	76
PID 1680 wrote to memory of 3408	1680	ValorantExternalFreeV2.exe	78
PID 1680 wrote to memory of 3408	1680	ValorantExternalFreeV2.exe	78
PID 1680 wrote to memory of 168	1680	ValorantExternalFreeV2.exe	79
PID 1680 wrote to memory of 168	1680	ValorantExternalFreeV2.exe	79
PID 1680 wrote to memory of 4112	1680	ValorantExternalFreeV2.exe	80
PID 1680 wrote to memory of 4112	1680	ValorantExternalFreeV2.exe	80
PID 1680 wrote to memory of 3348	1680	ValorantExternalFreeV2.exe	81
PID 1680 wrote to memory of 3348	1680	ValorantExternalFreeV2.exe	81
PID 1680 wrote to memory of 3928	1680	ValorantExternalFreeV2.exe	82
PID 1680 wrote to memory of 3928	1680	ValorantExternalFreeV2.exe	82
PID 1680 wrote to memory of 2276	1680	ValorantExternalFreeV2.exe	83
PID 1680 wrote to memory of 2276	1680	ValorantExternalFreeV2.exe	83
PID 1680 wrote to memory of 4828	1680	ValorantExternalFreeV2.exe	84
PID 1680 wrote to memory of 4828	1680	ValorantExternalFreeV2.exe	84
PID 1680 wrote to memory of 4868	1680	ValorantExternalFreeV2.exe	85
PID 1680 wrote to memory of 4868	1680	ValorantExternalFreeV2.exe	85
PID 1680 wrote to memory of 4176	1680	ValorantExternalFreeV2.exe	86
PID 1680 wrote to memory of 4176	1680	ValorantExternalFreeV2.exe	86
PID 1680 wrote to memory of 1120	1680	ValorantExternalFreeV2.exe	87
PID 1680 wrote to memory of 1120	1680	ValorantExternalFreeV2.exe	87
PID 1680 wrote to memory of 4584	1680	ValorantExternalFreeV2.exe	88
PID 1680 wrote to memory of 4584	1680	ValorantExternalFreeV2.exe	88
PID 1680 wrote to memory of 2768	1680	ValorantExternalFreeV2.exe	89
PID 1680 wrote to memory of 2768	1680	ValorantExternalFreeV2.exe	89
PID 1680 wrote to memory of 4680	1680	ValorantExternalFreeV2.exe	90
PID 1680 wrote to memory of 4680	1680	ValorantExternalFreeV2.exe	90
PID 1680 wrote to memory of 4992	1680	ValorantExternalFreeV2.exe	91
PID 1680 wrote to memory of 4992	1680	ValorantExternalFreeV2.exe	91
PID 1680 wrote to memory of 5004	1680	ValorantExternalFreeV2.exe	92
PID 1680 wrote to memory of 5004	1680	ValorantExternalFreeV2.exe	92
PID 1680 wrote to memory of 4212	1680	ValorantExternalFreeV2.exe	93
PID 1680 wrote to memory of 4212	1680	ValorantExternalFreeV2.exe	93
PID 1680 wrote to memory of 3392	1680	ValorantExternalFreeV2.exe	94
PID 1680 wrote to memory of 3392	1680	ValorantExternalFreeV2.exe	94
PID 1680 wrote to memory of 1220	1680	ValorantExternalFreeV2.exe	95
PID 1680 wrote to memory of 1220	1680	ValorantExternalFreeV2.exe	95
PID 1680 wrote to memory of 4972	1680	ValorantExternalFreeV2.exe	96
PID 1680 wrote to memory of 4972	1680	ValorantExternalFreeV2.exe	96
PID 1680 wrote to memory of 4040	1680	ValorantExternalFreeV2.exe	97
PID 1680 wrote to memory of 4040	1680	ValorantExternalFreeV2.exe	97

C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4040

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3516

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads