44eaf962f6e753754cfd154638ffefebf1b5d8b6c78f55a8dbe580b56336d01e

Resubmissions

27-12-2024 18:30

27-12-2024 17:44

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 17:44

Target

Null_CheatsV2.exe
Size

6.9MB
MD5

3cc77edfbffc973a392bc6f3548f89dd
SHA1

26977a68408dc4fc3da11eda6b0295685b4eda67
SHA256

44eaf962f6e753754cfd154638ffefebf1b5d8b6c78f55a8dbe580b56336d01e
SHA512

9e22c7043420e34e5e949fdd1a0e6fa67a9b7e38ca6da77c9277235cfefbf07f34d514d28d9a8c13595af0c760cb8f5558945814b1e810e6d96feb2064785b10
SSDEEP

98304:5OdzdbM+Q2y+aoWwQtjOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/Bb2EJ1nL2hB0Lq:5AfmOjmFQR4MVGFtwLPmnL2hq+

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2636	Null_CheatsV2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000016d47-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2636	1608	Null_CheatsV2.exe	28
PID 1608 wrote to memory of 2636	1608	Null_CheatsV2.exe	28
PID 1608 wrote to memory of 2636	1608	Null_CheatsV2.exe	28

C:\Users\Admin\AppData\Local\Temp\Null_CheatsV2.exe
"C:\Users\Admin\AppData\Local\Temp\Null_CheatsV2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Users\Admin\AppData\Local\Temp\Null_CheatsV2.exe
  "C:\Users\Admin\AppData\Local\Temp\Null_CheatsV2.exe"
  2⤵
  - Loads dropped DLL
  PID:2636

C:\Users\Admin\AppData\Local\Temp\_MEI16082\python311.dll

Filesize
1.6MB

MD5
9e985651962ccbccdf5220f6617b444f

SHA1
9238853fe1cff8a49c2c801644d6aa57ed1fe4d2

SHA256
3373ee171db8898c83711ec5067895426421c44f1be29af96efe00c48555472e

SHA512
8b8e68bbe71dcd928dbe380fe1a839538e7b8747733ba2fd3d421ba8d280a11ba111b7e8322c14214d5986af9c52ab0c75288bbb2a8b55612fb45836c56ddc36

Download Submit
memory/2636-23-0x000007FEF6560000-0x000007FEF6B49000-memory.dmp

Filesize
5.9MB

Download