797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 14:25

Sharing

Report Analysis Logs

General

Target

WarzoneCheat.exe
Size

2.5MB
MD5

4f03dcb1e44a6b89d910cb4f41198172
SHA1

4b14b8244f5cd389c20fba033823be6b489c854e
SHA256

797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96
SHA512

27a7a4acadaee21da7d80e08d62b898a8f9d9f3375f85ce6c72e4244b20b63f437c932cb6722a236effb128e6eae34e6f49851f4d6d033076d4c6aeb27147fe7
SSDEEP

49152:pLIbv9GOcDhnSV/vwyTgoypdxxR6ch2CL04r+y/PioT8uNPqmQ0rFPYrxV:0LwyTgoIdL8YeuNSFl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 1148	340	WarzoneCheat.exe	30
PID 340 wrote to memory of 1148	340	WarzoneCheat.exe	30
PID 340 wrote to memory of 1148	340	WarzoneCheat.exe	30

C:\Users\Admin\AppData\Local\Temp\WarzoneCheat.exe
"C:\Users\Admin\AppData\Local\Temp\WarzoneCheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:340
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 340 -s 28
  2⤵
  PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/340-0-0x000000013F4B0000-0x000000013F72D000-memory.dmp

Filesize
2.5MB

Download