Analysis Overview
SHA256
fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67
Threat Level: Known bad
The file fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67 was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-06 13:17
Signatures
R77 family
r77 rootkit payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-06 13:17
Reported
2022-08-06 13:20
Platform
win7-20220715-en
Max time kernel
151s
Max time network
116s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67.exe
"C:\Users\Admin\AppData\Local\Temp\fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | flingtrainer.com | udp |
| US | 104.21.35.160:443 | flingtrainer.com | tcp |
| US | 104.21.35.160:443 | flingtrainer.com | tcp |
Files
memory/1936-54-0x00000000001B0000-0x00000000001E0000-memory.dmp
memory/1936-56-0x0000000000190000-0x000000000019A000-memory.dmp
memory/1936-57-0x000000001AEEA000-0x000000001AF09000-memory.dmp
memory/1936-55-0x0000000000190000-0x000000000019A000-memory.dmp
memory/1936-58-0x000000001AEEA000-0x000000001AF09000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-06 13:17
Reported
2022-08-06 13:20
Platform
win10v2004-20220722-en
Max time kernel
153s
Max time network
139s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67.exe
"C:\Users\Admin\AppData\Local\Temp\fd3faaddd9eb1c640e8bdf5831b63660500b67dfa4082c9a273a6c9530708c67.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | flingtrainer.com | udp |
| US | 172.67.177.160:443 | flingtrainer.com | tcp |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp |
Files
memory/5092-132-0x000001EADAAA0000-0x000001EADAAD0000-memory.dmp
memory/5092-133-0x00007FFDCB990000-0x00007FFDCC451000-memory.dmp
memory/5092-134-0x000001EADB100000-0x000001EADB108000-memory.dmp
memory/5092-135-0x000001EAF9EF0000-0x000001EAF9F28000-memory.dmp
memory/5092-136-0x000001EAF3640000-0x000001EAF364E000-memory.dmp
memory/5092-137-0x00007FFDCB990000-0x00007FFDCC451000-memory.dmp