Analysis Overview
SHA256
ea564cb6c1d59d29b0c415366f61b27b8a2456a33227005f80ec9d63120100c4
Threat Level: Known bad
The file Risk of Rain 2 v1.0 Plus 22 Trainer.exe was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-05 18:38
Signatures
R77 family
r77 rootkit payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-05 18:38
Reported
2022-04-05 18:39
Platform
win10v2004-20220331-en
Max time kernel
42s
Max time network
45s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Risk of Rain 2 v1.0 Plus 22 Trainer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Risk of Rain 2 v1.0 Plus 22 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Risk of Rain 2 v1.0 Plus 22 Trainer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | flingtrainer.com | udp |
| US | 104.21.35.160:443 | flingtrainer.com | tcp |
| IE | 52.109.76.30:443 | | tcp |
| US | 8.8.8.8:53 | api.msn.com | udp |
| US | 204.79.197.203:443 | api.msn.com | tcp |
| IE | 20.50.73.10:443 | | tcp |
Files
memory/892-124-0x00007FFCFA2A0000-0x00007FFCFAD61000-memory.dmp
memory/892-125-0x0000022CF53C3000-0x0000022CF53C5000-memory.dmp
memory/892-126-0x0000022CF53C0000-0x0000022CF53C2000-memory.dmp
memory/892-127-0x0000022CF53C8000-0x0000022CF53CA000-memory.dmp
memory/892-128-0x0000022CF53CA000-0x0000022CF53CF000-memory.dmp