Windows Analysis Report
ValorantHack.exe

ID:	1561388
Product:	CloudBasic
Start time:	09:57:16
Start date:	23.11.2024
Sample:	ValorantHack.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a79b1017bbfe997cd39c782370117a0c
SHA1:	7aa5fc13cf2f811e645912646ace587059d6b024
SHA256:	22de86536c93e4742e4a3bcaaa80c6ec1e3b139c3cab85c35949b3c53d085392
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ValorantHack.exe.log	CSV text	3A8957C6382192B71471BD14359D0B12	71B96C965B65A051E7E7D10F61BEBD8CCBB88587	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D

AV Detection

Source: ValorantHack.exe

Virustotal: Detection: 25%

Perma Link

Source: ValorantHack.exe

Joe Sandbox ML: detected

Compliance

Source: ValorantHack.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

System Summary

Source: ValorantHack.exe, 00000000.00000002.1732725976.0000000002B2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs ValorantHack.exe
Source: ValorantHack.exe, 00000000.00000000.1686459366.0000000002463000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDataSync.exe2 vs ValorantHack.exe
Source: ValorantHack.exe	Binary or memory string: OriginalFilenameDataSync.exe2 vs ValorantHack.exe

Source: classification engine

Classification label: mal52.winEXE@3/1@0/0

Source: C:\Users\user\Desktop\ValorantHack.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ValorantHack.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\ValorantHack.exe

Mutant created: NULL

Source: ValorantHack.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ValorantHack.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\ValorantHack.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\ValorantHack.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "rundll32.exe" SystemCoreHelper.dll,GetCompiled

Source: ValorantHack.exe

Virustotal: Detection: 25%

Source: unknown	Process created: C:\Users\user\Desktop\ValorantHack.exe "C:\Users\user\Desktop\ValorantHack.exe"
Source: C:\Users\user\Desktop\ValorantHack.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "rundll32.exe" SystemCoreHelper.dll,GetCompiled
Source: C:\Users\user\Desktop\ValorantHack.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "rundll32.exe" SystemCoreHelper.dll,GetCompiled			Jump to behavior

Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior

Source: ValorantHack.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ValorantHack.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: ValorantHack.exe

Static file information: File size 31469568 > 1048576

Source: ValorantHack.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1e01600

Source: ValorantHack.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: ValorantHack.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Source: ValorantHack.exe

Static PE information: 0xFEB07701 [Thu May 28 18:14:25 2105 UTC]

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ValorantHack.exe	Memory allocated: 4580000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Memory allocated: 4770000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\ValorantHack.exe	Memory allocated: 6770000 memory reserve | memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\ValorantHack.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\ValorantHack.exe TID: 6804

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\ValorantHack.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\ValorantHack.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\ValorantHack.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "rundll32.exe" SystemCoreHelper.dll,GetCompiled

Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\ValorantHack.exe

Queries volume information: C:\Users\user\Desktop\ValorantHack.exe VolumeInformation

Jump to behavior