Resubmissions
26/03/2025, 17:15 250326-vsy2ksy1cy 10
26/03/2025, 13:00 250326-p8xwkavzc1 10
26/03/2025, 12:53 250326-p4qlpaxkz6 10
26/03/2025, 12:50 250326-p3esssxkx7 10
Analysis
max time kernel: 19s
max time network: 17s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 26/03/2025, 17:15
Static task: static1
Behavioral task: behavioral1
Sample: AxoCheat.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: AxoCheat.exe
Resource: win10v2004-20250314-en
General
Target: AxoCheat.exe
Size: 10KB
MD5: 0d84b857213666d2946cd162f32d28d0
SHA1: 856e6f634ae15e27550cbfb1210a313174a2deff
SHA256: 297304093913381095220c0fc22bc6a4c64f4ed2f05a8bc0d71453fa6b7860e5
SHA512: 7e42b0f5d9089417ce51384642dad234885465d490ee36e05ac43d9e8ab7b4bdc701cc7e57c03da37edf9683590e992a51b0baba61e91f325012e53a77b4df8f
SSDEEP: 192:d950dmo9JSL75DuLzozbBLVbL/LaTSK0euttj+exz:d950dmo9JSL4LEzbvbL/LiSjeu7j+ex
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AxoCheat.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege
pid: 2168
Process: AxoCheat.exe