Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Install Le...a1.exe

windows7-x64

1

Install Le...a1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2023, 17:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Install League of Legends la1.exe

  • Size

    66.7MB

  • MD5

    0dd7ec74b79bdc528d9ebda5f5d58caa

  • SHA1

    347eb25abb87736a5fb78ef35ccc3f0fb1c964d3

  • SHA256

    d2608eeb19b96c352fb829d56d873da29025fb66b0f219336b6b3b7a4eb8cb42

  • SHA512

    8804254a2d2bdd9b72e08fc38566e3f9b69034b76b86509d35bf7913a864b61664af3a8725c3ddbc8728210719ebf46b7e2c92033a0aae7fb38f9af5680b9355

  • SSDEEP

    1572864:TnRkz7Sp8K0UNl/Ywrt9E7lzPF5KBBhDIVIbjUp1xD:Gqp8KnAtqBBhDIVNj

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe
    "C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:616
    • C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe
      "C:\Users\Admin\AppData\Local\Temp\Install League of Legends la1.exe" --agent --riotclient-app-port=49742 --riotclient-auth-token=1ViT5rOBU3_BwcqeqthF1g --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install League of Legends la1/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install League of Legends la1/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install League of Legends la1" --session-id=61ba19d6-ede5-454f-8dc4-817fa11f4110
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Riot Games\machine.cfg
    Filesize

    39B

    MD5

    98942c8ccda20ba012bc7244f7a5bb76

    SHA1

    fee66bdc5fcb2b3544bebc784c0980ba0dd6b0fa

    SHA256

    76827ca1cc0e1e6a54e453c821ea9183bd5801d53da590297b34b6183902af06

    SHA512

    8957a4df3e7c489788b4cf61bdf7601c0facfcfd74a8af52bb4274d600894d6686238d5602286a56f9588de90f260c7f5d70f59d2f3974d09f91d1c345a7cc10

    Download Submit