Malware Analysis Report

2025-01-02 06:57

Sample ID 221223-z5m73ahb63
Target Elden Ring v1.02-v1.03 Plus 30 Trainer.exe
SHA256 cc4864a25a305759921b73d753116873493f2c526a396839d4da6815492299d8
Tags r77
Score 10/10

Analysis Overview

score
10/10

SHA256

cc4864a25a305759921b73d753116873493f2c526a396839d4da6815492299d8

Threat Level: Known bad

The file Elden Ring v1.02-v1.03 Plus 30 Trainer.exe was found to be: Known bad.

Malicious Activity Summary

r77

r77 rootkit payload

R77 family

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-12-23 21:18

Signatures

R77 family

r77

r77 rootkit payload

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-12-23 21:18

Reported

2022-12-23 21:20

Platform

win7-20221111-en

Max time kernel

150s

Max time network

107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe"

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 flingtrainer.com udp
N/A 104.21.35.160:443 flingtrainer.com tcp
N/A 104.21.35.160:443 flingtrainer.com tcp

Files

memory/1944-54-0x0000000000240000-0x000000000027E000-memory.dmp

memory/1944-55-0x000000001B13C000-0x000000001B15B000-memory.dmp

memory/1944-56-0x000000001B13C000-0x000000001B15B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-12-23 21:18

Reported

2022-12-23 21:20

Platform

win10v2004-20220812-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe"

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Elden Ring v1.02-v1.03 Plus 30 Trainer.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 flingtrainer.com udp
N/A 172.67.177.160:443 flingtrainer.com tcp
N/A 13.89.179.8:443 tcp
N/A 87.248.202.1:80 tcp

Files

memory/4296-132-0x00007FFD3D1B0000-0x00007FFD3DC71000-memory.dmp

memory/4296-133-0x0000019869F3A000-0x0000019869F3F000-memory.dmp

memory/4296-134-0x0000019870DE0000-0x0000019870DE3000-memory.dmp

memory/4296-135-0x00007FFD3D1B0000-0x00007FFD3DC71000-memory.dmp

memory/4296-136-0x0000019869F3A000-0x0000019869F3F000-memory.dmp

memory/4296-137-0x0000019870DE0000-0x0000019870DE3000-memory.dmp