d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92

Analysis

max time kernel
148s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ValorantExternalFreeV2.exe
Size

760KB
MD5

3572e8f5169c964868abf3cc454963a6
SHA1

f914847166f2186ccab7b5ecd73b6050e98a5834
SHA256

d66044a6db84ffbcb77f4b9067c19e2217493aa168f50f90fbd4b7169cf0fe92
SHA512

a8eac5afd952ac9d529b038de8f4326422962b2d417cf4e42ae3b95ad9a13c7be96e6f2ae141b5ffd5951b4827729cfb75d719abcc74544aae1f82f1b127cecc
SSDEEP

12288:P5MOHLT+F0sIE9JUzsC6mVFyCsffzMR6pncsP9Qtce0TBs/lPsoCyIWXrSX3fYhx:P5MOrT+F0sIE9JqsC6mVFyCsffzMR6pK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe
4860	ValorantExternalFreeV2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1760	4860	ValorantExternalFreeV2.exe	84
PID 4860 wrote to memory of 1760	4860	ValorantExternalFreeV2.exe	84
PID 4860 wrote to memory of 4940	4860	ValorantExternalFreeV2.exe	91
PID 4860 wrote to memory of 4940	4860	ValorantExternalFreeV2.exe	91
PID 4860 wrote to memory of 692	4860	ValorantExternalFreeV2.exe	92
PID 4860 wrote to memory of 692	4860	ValorantExternalFreeV2.exe	92
PID 4860 wrote to memory of 1324	4860	ValorantExternalFreeV2.exe	95
PID 4860 wrote to memory of 1324	4860	ValorantExternalFreeV2.exe	95
PID 4860 wrote to memory of 324	4860	ValorantExternalFreeV2.exe	97
PID 4860 wrote to memory of 324	4860	ValorantExternalFreeV2.exe	97
PID 4860 wrote to memory of 1440	4860	ValorantExternalFreeV2.exe	98
PID 4860 wrote to memory of 1440	4860	ValorantExternalFreeV2.exe	98
PID 4860 wrote to memory of 4808	4860	ValorantExternalFreeV2.exe	101
PID 4860 wrote to memory of 4808	4860	ValorantExternalFreeV2.exe	101
PID 4860 wrote to memory of 2220	4860	ValorantExternalFreeV2.exe	102
PID 4860 wrote to memory of 2220	4860	ValorantExternalFreeV2.exe	102
PID 4860 wrote to memory of 1384	4860	ValorantExternalFreeV2.exe	103
PID 4860 wrote to memory of 1384	4860	ValorantExternalFreeV2.exe	103
PID 4860 wrote to memory of 540	4860	ValorantExternalFreeV2.exe	104
PID 4860 wrote to memory of 540	4860	ValorantExternalFreeV2.exe	104
PID 4860 wrote to memory of 1568	4860	ValorantExternalFreeV2.exe	105
PID 4860 wrote to memory of 1568	4860	ValorantExternalFreeV2.exe	105
PID 4860 wrote to memory of 4500	4860	ValorantExternalFreeV2.exe	106
PID 4860 wrote to memory of 4500	4860	ValorantExternalFreeV2.exe	106
PID 4860 wrote to memory of 620	4860	ValorantExternalFreeV2.exe	107
PID 4860 wrote to memory of 620	4860	ValorantExternalFreeV2.exe	107
PID 4860 wrote to memory of 424	4860	ValorantExternalFreeV2.exe	108
PID 4860 wrote to memory of 424	4860	ValorantExternalFreeV2.exe	108
PID 4860 wrote to memory of 1756	4860	ValorantExternalFreeV2.exe	109
PID 4860 wrote to memory of 1756	4860	ValorantExternalFreeV2.exe	109
PID 4860 wrote to memory of 884	4860	ValorantExternalFreeV2.exe	110
PID 4860 wrote to memory of 884	4860	ValorantExternalFreeV2.exe	110
PID 4860 wrote to memory of 3540	4860	ValorantExternalFreeV2.exe	111
PID 4860 wrote to memory of 3540	4860	ValorantExternalFreeV2.exe	111
PID 4860 wrote to memory of 5016	4860	ValorantExternalFreeV2.exe	112
PID 4860 wrote to memory of 5016	4860	ValorantExternalFreeV2.exe	112
PID 4860 wrote to memory of 1156	4860	ValorantExternalFreeV2.exe	113
PID 4860 wrote to memory of 1156	4860	ValorantExternalFreeV2.exe	113
PID 4860 wrote to memory of 2016	4860	ValorantExternalFreeV2.exe	115
PID 4860 wrote to memory of 2016	4860	ValorantExternalFreeV2.exe	115
PID 4860 wrote to memory of 3244	4860	ValorantExternalFreeV2.exe	116
PID 4860 wrote to memory of 3244	4860	ValorantExternalFreeV2.exe	116
PID 4860 wrote to memory of 2888	4860	ValorantExternalFreeV2.exe	118
PID 4860 wrote to memory of 2888	4860	ValorantExternalFreeV2.exe	118
PID 4860 wrote to memory of 3456	4860	ValorantExternalFreeV2.exe	119
PID 4860 wrote to memory of 3456	4860	ValorantExternalFreeV2.exe	119
PID 4860 wrote to memory of 2200	4860	ValorantExternalFreeV2.exe	120
PID 4860 wrote to memory of 2200	4860	ValorantExternalFreeV2.exe	120
PID 4860 wrote to memory of 2836	4860	ValorantExternalFreeV2.exe	121
PID 4860 wrote to memory of 2836	4860	ValorantExternalFreeV2.exe	121
PID 4860 wrote to memory of 4196	4860	ValorantExternalFreeV2.exe	122
PID 4860 wrote to memory of 4196	4860	ValorantExternalFreeV2.exe	122
PID 4860 wrote to memory of 4296	4860	ValorantExternalFreeV2.exe	123
PID 4860 wrote to memory of 4296	4860	ValorantExternalFreeV2.exe	123
PID 4860 wrote to memory of 5096	4860	ValorantExternalFreeV2.exe	124
PID 4860 wrote to memory of 5096	4860	ValorantExternalFreeV2.exe	124
PID 4860 wrote to memory of 1356	4860	ValorantExternalFreeV2.exe	125
PID 4860 wrote to memory of 1356	4860	ValorantExternalFreeV2.exe	125
PID 4860 wrote to memory of 764	4860	ValorantExternalFreeV2.exe	126
PID 4860 wrote to memory of 764	4860	ValorantExternalFreeV2.exe	126
PID 4860 wrote to memory of 3300	4860	ValorantExternalFreeV2.exe	127
PID 4860 wrote to memory of 3300	4860	ValorantExternalFreeV2.exe	127
PID 4860 wrote to memory of 3636	4860	ValorantExternalFreeV2.exe	128
PID 4860 wrote to memory of 3636	4860	ValorantExternalFreeV2.exe	128

C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantExternalFreeV2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:8
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4740

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads