95de6273efde66a19af7ab5c63b14b6256bb62226db4f28fb79875641dfb68b5

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-01-2025 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cheat.exe
Size

10.0MB
MD5

2ffd878c5c9dca41f147e0e0fc0a6d35
SHA1

96697b119909c1f04cb5ac8f4dca34df08126c7f
SHA256

5740a9e3eaa603b2e9f86932df5ab6b59f8baab82163a163343c9f46825a6849
SHA512

0eb5487ce01d927a297d8ee6e1e0a3cb0313f3824ddef33a896bd9786921c502bd86cebcb8a810523bb971e225ef2e8ded2920bb119faa7f5f5a420a669ca8be
SSDEEP

196608:Vo0lTceNTfm/pf+xk4dGWV3RimrbW3jmyZ:FHy/pWu4EWVRimrbmyC

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2740	cheat.exe
2740	cheat.exe
2740	cheat.exe
2740	cheat.exe
2740	cheat.exe
2740	cheat.exe
2740	cheat.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001962b-73.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2740	2116	cheat.exe	30
PID 2116 wrote to memory of 2740	2116	cheat.exe	30
PID 2116 wrote to memory of 2740	2116	cheat.exe	30

C:\Users\Admin\AppData\Local\Temp\cheat.exe
"C:\Users\Admin\AppData\Local\Temp\cheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\cheat.exe
  "C:\Users\Admin\AppData\Local\Temp\cheat.exe"
  2⤵
  - Loads dropped DLL
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21162\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
3aa3d149ae0a66e6defc0d4687789c6d

SHA1
60b4e30bee39e84f6ab0bf0a1dcb185175a39710

SHA256
3729bc97eb77017f8c4149d475cd10ddc90a1d324771a5389de85428094edaee

SHA512
82db906c0bb59a7c70b42fbdf112e3422778f93be9f9a4034a832ab771289e01c5bc47b7722c00491e0e472f3a08c8c75ce2dfc1dcdd0f9d79a574910ba31745

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21162\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
41b39e01c24f99dce244739fb6fb4310

SHA1
f9cb5d7053f491e5f203e8873a7061b13e73af25

SHA256
b83084f37411d1cd132950a89ba75c260638e71709e82e6c335ad8ed1b75e853

SHA512
cbe99acd4d46e4323a685e3aada0f0faff16d8be3539d851bc84fcebf0cdb0adc3945e8d220a40e34f21bc4a9a5d83a150104d3c0a637c003a6f92af4dbc8bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21162\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
8a2598f6505819dc20a6d63dd9533603

SHA1
57f4a2956e6d251b42a71f5bfe1a5fcfb9869762

SHA256
8c7162da1d65858e6f48eb03930a834c2ef662c43a7eb1df3abdc17ccc5947dd

SHA512
e8a98148382ce4d4d7de1db3f1df6a995db7e9474632eb3f32abdc13239bada172cfb69e912cf8d372ccd7b1ba73406d3800ed909b99911781ee9c9c790ad71d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
6a2927baec1fdd1e0526ba08d19c98fd

SHA1
b4feb452a1bc8645f03241f7c46436f3d0fa0467

SHA256
5d8820a621aa8a7d8be4515a9741977d5b9be2f475dd3398d3e19bd8ab251cd4

SHA512
443a3abe98e15b64e91f3d78d3ca76881c38afeae87addccb9c6cdb0ea9ab490439f02204a7cb880a19a86567451f98bb38388e92395809dbdc3535d04cb6e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
be0f0291e4c307867797a0f4f7134c40

SHA1
b296b535451573e5d0813dd5499c8eea054b0a62

SHA256
0583819a42d57881bc57feadc7c7dcb5bff2a1493897f2a7e32e354df4067ddc

SHA512
31e325804d504fc6088de4812d8909fe9cb15360b95dfeb0a12befa278be4beea0bd0aaa491233c863681a44acf82ad66feaaefa7c761016d1df317cce85a63d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21162\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21162\ucrtbase.dll

Filesize
1.1MB

MD5
bbd6c0fc1c19f00db8b28c095d2cf1ef

SHA1
0451120a97847e1da535af46431ba984e26760ab

SHA256
cf50a77f2c83f635a011a941c8f5f5c7ce31de5a7090124c143eb845e80d1c26

SHA512
b4588aa7d6b45c164ce439e700f9f20ac8f9aa10f918cb2bff06ed1b7edd99b95dbfe1b767d9e62800e7d7cef603a23643764404238e61b46869dee2270762eb

Download Submit
memory/2740-75-0x000007FEF59B0000-0x000007FEF5F98000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads