63099056cb799342f77361e6b5c8699c228f3a9721054309a419568069638434

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2022 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
Size

1.3MB
MD5

f33994ea6d1435c9ce022be397d577db
SHA1

d289253f905c33e0808a20634d02379285a81c6f
SHA256

9176d5869473bf0624ad1006a00df74d2e3042387ed43536ed84ebd3fe853847
SHA512

1230c1c5037521458c973055ff436759de848af2352b1218dd5e07eff7bd08d7b0e23a55f4b314d9a45cd863874cc71c4afe4c1dd13d6064c00b62b280997b26
SSDEEP

24576:d0f5g1jTVqnV0HNz2oKjHdlukYy8RfEQbJ74A9BDS:OhIknaHlHgdd2fEQV779

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3280	Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe

C:\Users\Admin\AppData\Local\Temp\Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe
"C:\Users\Admin\AppData\Local\Temp\Gui Gu Ba Huang Early Access Plus 54 Trainer Updated 2022.07.19.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3280-132-0x000002717C760000-0x000002717C790000-memory.dmp

Filesize
192KB

Download
memory/3280-133-0x00007FFC9FA40000-0x00007FFCA0501000-memory.dmp

Filesize
10.8MB

Download
memory/3280-134-0x000002717FEB0000-0x000002717FEB8000-memory.dmp

Filesize
32KB

Download
memory/3280-135-0x000002717FF00000-0x000002717FF38000-memory.dmp

Filesize
224KB

Download
memory/3280-136-0x000002717FEC0000-0x000002717FECE000-memory.dmp

Filesize
56KB

Download
memory/3280-137-0x00007FFC9FA40000-0x00007FFCA0501000-memory.dmp

Filesize
10.8MB

Download