6407bd134c1b9aa297620318392f85fa671166a280a67a3c13725b6d1ce953ce

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 07:48

Target

TriggerBot Valorant cheater.fun/trigger/trigger.exe
Size

3.9MB
MD5

0d9659d907e2669a6b925fe1fdd2fe68
SHA1

ca2b9d8450c827625e4b0f8379685b3d247f2717
SHA256

025153faab21056472b13f00fb79a6bfb917e3fcd85eb4c08b7375e6e3e0cb87
SHA512

b1af46307dfc466d8743aeb19ce4cd303e1f15b5bfd13c68f479c18046a8cb48f222a4f51cef09459736dab4ec665c564c4a6e42054933145e8c2ffec3f5158f
SSDEEP

98304:Az92834b9W0v0DdmDDzh4MnBpS8vtjMkc:UdeJbgkjMkc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2800	2308	trigger.exe	30
PID 2308 wrote to memory of 2800	2308	trigger.exe	30
PID 2308 wrote to memory of 2800	2308	trigger.exe	30

C:\Users\Admin\AppData\Local\Temp\TriggerBot Valorant cheater.fun\trigger\trigger.exe
"C:\Users\Admin\AppData\Local\Temp\TriggerBot Valorant cheater.fun\trigger\trigger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2308 -s 700
  2⤵
  PID:2800

memory/2308-0-0x000007FEF5763000-0x000007FEF5764000-memory.dmp

Filesize
4KB

Download
memory/2308-1-0x0000000000D50000-0x0000000001142000-memory.dmp

Filesize
3.9MB

Download
memory/2308-2-0x000000001CB90000-0x000000001CCDE000-memory.dmp

Filesize
1.3MB

Download
memory/2308-3-0x000007FEF5760000-0x000007FEF614C000-memory.dmp

Filesize
9.9MB

Download
memory/2308-4-0x0000000000520000-0x0000000000534000-memory.dmp

Filesize
80KB

Download
memory/2308-5-0x000007FEF5763000-0x000007FEF5764000-memory.dmp

Filesize
4KB

Download
memory/2308-6-0x000007FEF5760000-0x000007FEF614C000-memory.dmp

Filesize
9.9MB

Download