734f289e454119f1bb31e9f4963c64e5230b51264229a1832b1707b9753f276c

Analysis

max time kernel
145s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2025 14:59

Target

bluewing TS/valorant esp.exe
Size

7.5MB
MD5

90dc2034f9b34caa297d22ba110a648b
SHA1

4aa18722f3c715107819252b14882e25faaf89d4
SHA256

a92207cdaeabf1e5837d5c78c581c2af75052f6b6c162d666cd66931879d9f8e
SHA512

556e09218bb190ab1a2158680d44a778236768c5c5e19339f303cda2bb27acb87fa1dbc34190b5cfd4acf27fc66894c79af067e5a10ce9229933829d972ff4c0
SSDEEP

196608:GKIg67q6GENqJ9fWiTcJhtmLY0FL53d0S/lFAezL3D5te2:v1Q9GEN17tmc0p53dTjAe/33

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3340	valorant esp.exe
3340	valorant esp.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3340	valorant esp.exe
3340	valorant esp.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 1312	3340	valorant esp.exe	88
PID 3340 wrote to memory of 1312	3340	valorant esp.exe	88
PID 1312 wrote to memory of 1572	1312	cmd.exe	89
PID 1312 wrote to memory of 1572	1312	cmd.exe	89
PID 1312 wrote to memory of 2224	1312	cmd.exe	90
PID 1312 wrote to memory of 2224	1312	cmd.exe	90
PID 1312 wrote to memory of 4188	1312	cmd.exe	91
PID 1312 wrote to memory of 4188	1312	cmd.exe	91

memory/3340-0-0x00000001400F3000-0x0000000140617000-memory.dmp

Filesize
5.1MB

Download
memory/3340-4-0x00007FF800900000-0x00007FF800902000-memory.dmp

Filesize
8KB

Download
memory/3340-8-0x00007FFFFE150000-0x00007FFFFE152000-memory.dmp

Filesize
8KB

Download
memory/3340-12-0x0000000140000000-0x0000000140D9F000-memory.dmp

Filesize
13.6MB

Download
memory/3340-11-0x0000000140000000-0x0000000140D9F000-memory.dmp

Filesize
13.6MB

Download
memory/3340-7-0x00007FFFFE140000-0x00007FFFFE142000-memory.dmp

Filesize
8KB

Download
memory/3340-6-0x00007FFFFF0A0000-0x00007FFFFF0A2000-memory.dmp

Filesize
8KB

Download
memory/3340-5-0x00007FFFFF090000-0x00007FFFFF092000-memory.dmp

Filesize
8KB

Download
memory/3340-14-0x0000000140000000-0x0000000140D9F000-memory.dmp

Filesize
13.6MB

Download
memory/3340-3-0x00007FF8008F0000-0x00007FF8008F2000-memory.dmp

Filesize
8KB

Download
memory/3340-2-0x00007FF8008E0000-0x00007FF8008E2000-memory.dmp

Filesize
8KB

Download
memory/3340-1-0x00007FF8008D0000-0x00007FF8008D2000-memory.dmp

Filesize
8KB

Download
memory/3340-16-0x00000001400F3000-0x0000000140617000-memory.dmp

Filesize
5.1MB

Download
memory/3340-17-0x0000000140000000-0x0000000140D9F000-memory.dmp

Filesize
13.6MB

Download