cf9e1d3123926425ca2d05227cbfe854cb5fa2d9aa3cf9ee4eda5fde10ac5a93

Resubmissions

16-01-2025 13:24

250116-qnf8ratjbj 10

16-01-2025 13:23

250116-qmsv6asrgm 10

Analysis

max time kernel
10s
max time network
4s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16-01-2025 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bliss-anticheat.exe
Size

6.7MB
MD5

cf229d85dfbcd3f6cdbdc284f11e8ce8
SHA1

d70c63884576a18c4a47d1abef81c0248c905a3b
SHA256

cf9e1d3123926425ca2d05227cbfe854cb5fa2d9aa3cf9ee4eda5fde10ac5a93
SHA512

9224bf4ae4fcd4971733f1bfd428b66583e8484db5011546008c661039d0e4181eb33293e9ba74adbefc572ad0d39b7ad2ddb34a689bc85c661cded1219bbb85
SSDEEP

196608:UTFbeN/FJMIDJf0gsAGKhiC0BRkqRjFDbv9Tr:v/Fqyf0gsEiC03kqRjtL9f

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2584	bliss-anticheat.exe
2584	bliss-anticheat.exe
2584	bliss-anticheat.exe
2584	bliss-anticheat.exe
2584	bliss-anticheat.exe
2584	bliss-anticheat.exe
2584	bliss-anticheat.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019cca-73.dat	upx
behavioral1/memory/2584-75-0x000007FEF5DE0000-0x000007FEF624E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2584	3052	bliss-anticheat.exe	30
PID 3052 wrote to memory of 2584	3052	bliss-anticheat.exe	30
PID 3052 wrote to memory of 2584	3052	bliss-anticheat.exe	30

C:\Users\Admin\AppData\Local\Temp\bliss-anticheat.exe
"C:\Users\Admin\AppData\Local\Temp\bliss-anticheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Users\Admin\AppData\Local\Temp\bliss-anticheat.exe
  "C:\Users\Admin\AppData\Local\Temp\bliss-anticheat.exe"
  2⤵
  - Loads dropped DLL
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30522\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
6db0f54fcd05a16297d8c0e9dc41e857

SHA1
eeff0f5aec46fa161a5303840886e53a04cd9f50

SHA256
08c4431d2e029d91db307a53943d381e4823bb53e4014c388c3d88ded9d2e233

SHA512
ff5ce9aea8da0ae286ae1a93f5023cedacd90f7a66d1d8ed89adc8dd4ca376b67eb3498f9a5608e048a76be01aedc1b77f3206f200665db6728e1bb61f9672f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\api-ms-win-core-localization-l1-2-0.dll

Filesize
19KB

MD5
b4db20a9c352fd3d926717ed6c63ba88

SHA1
d470d0c8cc3b270fd99068e27aa892e42137f91b

SHA256
761d51cf2f2aac43421eecc637dc43ba092516f2b342f6d017007dc607576365

SHA512
2df3099d1f4fce06b096c70aa4c8c115f0a12a8d624b9575f292fc3597b30fd635fd8c0a44c21c3c4556bf6cc78e7b904edd42ec7bc5863ea62fa2f2cf75bd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
a2603e5dadb91017b83954470bc64694

SHA1
a91ea3aec86f79ebbc465dffb2115d360103e174

SHA256
b1195855a4b9125ed3482ebd45316d6105325d1ec9e3b1ce9fa084b52a00bdd4

SHA512
f7fc366e03f7208c3b0af7f19d824c8b945bf8d451389ef349ef5bcc5e0d735ecf96fd76cc23a329d7ba6d0eca7d84b909999e8774f8ea0f96a0dbd1deac3e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
c26c5bdc48584116f822d9be4cfd4fc7

SHA1
e64d49d0d77167b4c42e16c8eba59b96b7ea1236

SHA256
a9e03df5efce9b78f958f89613b8f55e59597f6430e1f40ceb9c4130d68d183c

SHA512
7b66ad09370144fe2be39920bf7f4b3ab57be28ab50ef0bc8020ac58616b98a0a9cfb0f70e2b5b79c5d7cf4a04c0b758f9026fdf6752d0ac64b54fb5cff73d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\ucrtbase.dll

Filesize
1.1MB

MD5
79fe69af4009290dcd5298612e5551f7

SHA1
c7d770a434381ed593b32be5705202271590bc39

SHA256
dff01a7bfad83d7f8456fef597e845b2d099291c8bf22b27584486d948d971f5

SHA512
6a9a582b32076c7e7fdef3ea78775067133ff1f68a1eed5ec89fb66582c1fb51f077124bab915bde6f2afe245ab2fb127fd0ea231bd020ca8ca2d614f525cf8f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30522\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
1399d7007bdb835f28cf2c155145a227

SHA1
847c72cb49da382fe0061c623ce64a333a38b88f

SHA256
f889a4e805b2b052755f188d8942a79f3eb1867ebe077064ff8707d873c33347

SHA512
25b17a4239267321865e79003f4e5ad5003f13384cdd0fabe2b70dc8b270d46e8162d0d727d27a213346026aa9442f07fbe05c414c137385c6b843792198e63f

Download Submit
memory/2584-75-0x000007FEF5DE0000-0x000007FEF624E000-memory.dmp

Filesize
4.4MB

Download
memory/2584-76-0x000007FEF5DE0000-0x000007FEF624E000-memory.dmp

Filesize
4.4MB

Download