d2608eeb19b96c352fb829d56d873da29025fb66b0f219336b6b3b7a4eb8cb42

Analysis

max time kernel
37s
max time network
212s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 17:37

Target

Install League of Legends la1.exe
Size

66.7MB
MD5

0dd7ec74b79bdc528d9ebda5f5d58caa
SHA1

347eb25abb87736a5fb78ef35ccc3f0fb1c964d3
SHA256

d2608eeb19b96c352fb829d56d873da29025fb66b0f219336b6b3b7a4eb8cb42
SHA512

8804254a2d2bdd9b72e08fc38566e3f9b69034b76b86509d35bf7913a864b61664af3a8725c3ddbc8728210719ebf46b7e2c92033a0aae7fb38f9af5680b9355
SSDEEP

1572864:TnRkz7Sp8K0UNl/Ywrt9E7lzPF5KBBhDIVIbjUp1xD:Gqp8KnAtqBBhDIVNj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1852	Install League of Legends la1.exe
Token: SeIncBasePriorityPrivilege	1476	Install League of Legends la1.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26
PID 1852 wrote to memory of 1476	1852	Install League of Legends la1.exe	26

C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe
"C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe
  "C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe" --agent --riotclient-app-port=49164 --riotclient-auth-token=Zxk2bV1NFtupjVg6UaKtzQ --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install League of Legends la1/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install League of Legends la1/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install League of Legends la1" --session-id=fb131073-e20b-7b44-9ac3-3e3e7d0b0ac2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1476

C:\ProgramData\Riot Games\machine.cfg

Filesize
39B

MD5
2ecec244d6d61dc41820e7b7e53751aa

SHA1
242834bdc21be7a41a256ee99df1bc437bdd0cab

SHA256
ecdedb4a2035ae164a58f1f88282ada1ef6403b2ffb2ff9de9b93e0d49aeea37

SHA512
d8d41149d2e2aea7865594386615b3d379ed4ecf385715d323d18efd732228911a346e9fa2a60bcfcba5025eb6da2a6efc86bddbb263710e927acabeacfc571b

Download Submit
memory/1852-54-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download