b63155f617da18b3d56a178921a60cffb4cfb227142ed2f9989ce52655969d72

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 22:34

Target

toniecheat.exe
Size

24.4MB
MD5

d107cbeaef45f5cd7ddbb0d88e683aef
SHA1

db2a52cefd9414a14ef3b31b9bddb4b290de71f0
SHA256

b63155f617da18b3d56a178921a60cffb4cfb227142ed2f9989ce52655969d72
SHA512

cce1a2066ccb44ead1990506115760a501b516e4df6facd33eaf4fd9728fef9e8705f59da607fb0ffe10e987fda06c73d053649bb54a619c6fc7d1833938da8d
SSDEEP

786432:/TEGs1OEi/UMnspKXk8BEWL11JDjszSljW21:m1Ob8YXvJv1Yza

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

toniecheat.exe

pid	Process
2996	toniecheat.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/files/0x00050000000194df-22.dat	upx
behavioral1/memory/2996-24-0x000007FEF56D0000-0x000007FEF5CB9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

toniecheat.exe

description	pid	Process	procid_target
PID 2556 wrote to memory of 2996	2556	toniecheat.exe	31
PID 2556 wrote to memory of 2996	2556	toniecheat.exe	31
PID 2556 wrote to memory of 2996	2556	toniecheat.exe	31

C:\Users\Admin\AppData\Local\Temp\toniecheat.exe
"C:\Users\Admin\AppData\Local\Temp\toniecheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Users\Admin\AppData\Local\Temp\toniecheat.exe
  "C:\Users\Admin\AppData\Local\Temp\toniecheat.exe"
  2⤵
  - Loads dropped DLL
  PID:2996

C:\Users\Admin\AppData\Local\Temp\_MEI25562\python311.dll

Filesize
1.6MB

MD5
5792adeab1e4414e0129ce7a228eb8b8

SHA1
e9f022e687b6d88d20ee96d9509f82e916b9ee8c

SHA256
7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967

SHA512
c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

Download Submit
memory/2996-24-0x000007FEF56D0000-0x000007FEF5CB9000-memory.dmp

Filesize
5.9MB

Download