Analysis Overview
SHA256
8eb3334ffbbc7acc174210126d8c7fe3e303c43d11f43582d451e315d057304a
Threat Level: Known bad
The file God of War v1.0 Plus 15 Trainer.exe was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-12-28 13:23
Signatures
R77 family
r77 rootkit payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-12-28 13:23
Reported
2022-12-28 13:26
Platform
win10-20220901-es
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\God of War v1.0 Plus 15 Trainer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\God of War v1.0 Plus 15 Trainer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\God of War v1.0 Plus 15 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\God of War v1.0 Plus 15 Trainer.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | flingtrainer.com | udp |
| N/A | 172.67.177.160:443 | flingtrainer.com | tcp |
| N/A | 51.104.15.253:443 | tcp | |
| N/A | 209.197.3.8:80 | tcp |
Files
memory/2616-120-0x0000019C6E2B0000-0x0000019C6E2EE000-memory.dmp
memory/2616-121-0x0000019C706DA000-0x0000019C706DF000-memory.dmp
memory/2616-122-0x0000019C76050000-0x0000019C76152000-memory.dmp
memory/2616-123-0x0000019C706DA000-0x0000019C706DF000-memory.dmp