File name:	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe
Full analysis:	https://app.any.run/tasks/edb8dc5d-324b-4d25-ab24-ed8607e3cec9
Verdict:	Malicious activity
Analysis date:	June 07, 2024, 18:06:39
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	7BC39B1E9ECA1E9E34A960EC8AFC5BDA
SHA1:	A2B7C7A49376602E73BC2DDFD8FAD95BC669C4EC
SHA256:	0B5ABDAB10D692754FA7080F648A1CC83C823835A6C7CCACEE668E935794C743
SSDEEP:	98304:DilkE/beF6q6Spgi4sfObaqxhvOELVNCEY21J8xW1R7xW3VuP3+xlWs8VGWaJx1o:A5Z4OB7ku1+

.exe	\|	Win32 Executable MS Visual C++ (generic) (67.4)
.dll	\|	Win32 Dynamic Link Library (generic) (14.2)
.exe	\|	Win32 Executable (generic) (9.7)
.exe	\|	Generic Win/DOS Executable (4.3)
.exe	\|	DOS Executable Generic (4.3)

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2013:06:28 14:45:44+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	9
CodeSize:	36352
InitializedDataSize:	7475200
UninitializedDataSize:	-
EntryPoint:	0x15eb
OSVersion:	5
ImageVersion:	-
SubsystemVersion:	5
Subsystem:	Windows GUI


(PID) Process:	(6660) PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Cheat Engine
Operation:	write	Name:	DPI Aware
Value: 1

PID	Process	Filename		Type
6600	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\CET_Archive.dat		—
		MD5:—	SHA256:—
6600	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe		executable
		MD5:971B37CEDF686E0AC8CA0297A953AAD9	SHA256:1965546A19990B4523A1588EB0D7FDD42BD443E2BCC632DAE04343D358394AE7
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe		executable
		MD5:EDEEF697CBF212B5ECFCD9C1D9A8803D	SHA256:AC9BCC7813C0063BDCD36D8E4E79A59B22F6E95C2D74C65A4249C7D5319AE3F6
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\autorun\dlls\MonoDataCollector32.dll		executable
		MD5:C5B870CE07DA5206D8A81E139920B7DC	SHA256:EB26B38A604CF98B95A39FD249C0771E351061A9894D22284CDFE984E8FC7A6C
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\autorun\forms\MonoDataCollector.frm		xml
		MD5:03D4DD46084BCBE16A39D72BA22E5446	SHA256:4F254BBC897AD0E165986D18577E0A04FD31C93CCA542A0999FA0093EDC5BC61
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\CET_TRAINER.CETRAINER		binary
		MD5:FEBD1A6978F677F9DE60F05C6FFB061A	SHA256:BE51321A68278F5DD7F76BD22E62711C07B269617EFED2FCD4B098D7B8864C0A
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\autorun\monoscript.lua		text
		MD5:76168CA68F3ED8ADE110B140244EFBAF	SHA256:5832B5AB00E84690AC1E780E8B1C4ABD9649465234C9FFA2CECB410BE66A6B8A
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\autorun\dlls\MonoDataCollector64.dll		executable
		MD5:4237719534B21BB179480ED8BB23C0CC	SHA256:15EE5851FF1B33E369B43C66D44E3D1452A212C2A37F337B680FE8BD88DF8748
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\autorun\luasymbols.lua		text
		MD5:DF4D243AB0407A1F03CCF448232FCF62	SHA256:C5A35380AF8BEBE96B85377F5F41F8C068CB857C74B9CB85B7467B35C1DE10C4
6636	PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe	C:\Users\admin\AppData\Local\Temp\cetrainers\CET341D.tmp\extracted\defines.lua		text
		MD5:62E1FA241D417668F7C5DA6E4009A5A6	SHA256:82E8EF7DF20A86791CEF062F2DCACB1D91B4ADC9F5DEA2FD274886BE8365B2F8

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
5548	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4364	svchost.exe	239.255.255.250:1900	—	—	—	unknown
1744	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
5140	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
5140	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
5456	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
2908	OfficeClickToRun.exe	52.168.112.66:443	self.events.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 40.127.240.158	unknown
self.events.data.microsoft.com	52.168.112.66	unknown

General Info

PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe

7BC39B1E9ECA1E9E34A960EC8AFC5BDA

A2B7C7A49376602E73BC2DDFD8FAD95BC669C4EC

0B5ABDAB10D692754FA7080F648A1CC83C823835A6C7CCACEE668E935794C743

98304:DilkE/beF6q6Spgi4sfObaqxhvOELVNCEY21J8xW1R7xW3VuP3+xlWs8VGWaJx1o:A5Z4OB7ku1+

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Executable content was dropped or overwritten

INFO

Checks supported languages

Reads the computer name

Create files in a temporary directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings