ea564cb6c1d59d29b0c415366f61b27b8a2456a33227005f80ec9d63120100c4

Analysis

max time kernel
42s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
05-04-2022 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Risk of Rain 2 v1.0 Plus 22 Trainer.exe
Size

1.5MB
MD5

32a2fc44e119549fcdc1aa8e988b08c3
SHA1

a2f2a3d8283aee058e0c24898dce6546590b8386
SHA256

ea564cb6c1d59d29b0c415366f61b27b8a2456a33227005f80ec9d63120100c4
SHA512

b92104664d247940c77f9462bd4a10bb48ad6eca39cbf1246c7ffcae396a6b93896f923e83e007f99a406715c4d64417d6e4435c7bf24f91afd404eeb2cd5b39

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe
892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	892	Risk of Rain 2 v1.0 Plus 22 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Risk of Rain 2 v1.0 Plus 22 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Risk of Rain 2 v1.0 Plus 22 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-124-0x00007FFCFA2A0000-0x00007FFCFAD61000-memory.dmp

Filesize
10.8MB

Download
memory/892-125-0x0000022CF53C3000-0x0000022CF53C5000-memory.dmp

Filesize
8KB

Download
memory/892-126-0x0000022CF53C0000-0x0000022CF53C2000-memory.dmp

Filesize
8KB

Download
memory/892-127-0x0000022CF53C8000-0x0000022CF53CA000-memory.dmp

Filesize
8KB

Download
memory/892-128-0x0000022CF53CA000-0x0000022CF53CF000-memory.dmp

Filesize
20KB

Download