2d3a7b5239e9e027038c638e624235e904c1c9d333ebbfd3b23bd21e91a49ef7

Analysis

max time kernel
150s
max time network
111s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-08-2022 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

《怪物猎人：世界》v20200109-v20210602 六十七项修改器[3DM]/Monster Hunter World v2020.exe
Size

1.6MB
MD5

eb3295617d26a4902d2c51fc8ca4c9b7
SHA1

c1cc56cac046678b5373ff473da1560b35cd4ca6
SHA256

f5e0c4f0ef809417d2fcde05fcc037308a323383226169c56912ae401e996bab
SHA512

f3fc1575075da3c875cb80e4d414a161d2c84be00febb7dacdfeab0f783117fd09984a95f5cf5863ccfa60069492a5e0313d183e01febb54b8b630ed3274eb66

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe
1848	Monster Hunter World v2020.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1848	Monster Hunter World v2020.exe

C:\Users\Admin\AppData\Local\Temp\《怪物猎人：世界》v20200109-v20210602 六十七项修改器[3DM]\Monster Hunter World v2020.exe
"C:\Users\Admin\AppData\Local\Temp\《怪物猎人：世界》v20200109-v20210602 六十七项修改器[3DM]\Monster Hunter World v2020.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1848-54-0x0000000001CA0000-0x0000000001CD2000-memory.dmp

Filesize
200KB

Download
memory/1848-55-0x000000001ADEC000-0x000000001AE0B000-memory.dmp

Filesize
124KB

Download
memory/1848-56-0x000000001ADEC000-0x000000001AE0B000-memory.dmp

Filesize
124KB

Download