Malware Analysis Report

2024-12-08 02:27

Sample ID 230210-tl8rrshf92
Target Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
SHA256 a9ac519ca396e0878eb15b11d7c697bc175f380b00162f4cb351239353747d3a
Tags r77
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

a9ac519ca396e0878eb15b11d7c697bc175f380b00162f4cb351239353747d3a

Threat Level: Known bad

The file Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe was found to be: Known bad.

Malicious Activity Summary

r77

R77 family

r77 rootkit payload

Enumerates physical storage devices

Program crash

Modifies system certificate store

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-02-10 16:09

Signatures

R77 family

r77

r77 rootkit payload

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-10 16:09

Reported

2023-02-10 16:13

Platform

win7-20221111-en

Max time kernel

149s

Max time network

200s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe"

Signatures

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382814103" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c2ca96a188178048b9a5f3f8eafb4db300000000020000000000106600000001000020000000fba7e983b50eac16d417a4a1d697bb21f7acefc9cf8d20daad827679696a1b59000000000e800000000200002000000002c9b08856ea9b071224e5ec0091e46b66f64c0d1575937e4d76ec0bad3d0f37200000002ce89c8a53b766b95745f10fba16e55545c0986eb3f1459d508fefe8b746a3b6400000003c0678949c058b7ee7823bae724aa0fefaa5add6131d778c8b16421f533b1f572507f9f1f32dfb71563f6be377800cbd22b271bfd6db31a9cd03b5c5889dd92c | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\Total = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\Total = "58" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "47" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\ = "58" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "58" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\ = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD49AB01-A965-11ED-B110-4EFAD8A2B6A5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603361f3723dd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies system certificate store

Tags evasion, spyware, trojan

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = [binary value omitted] | C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = [binary value omitted] | C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe | N/A
(The row above is repeated 64 times in the report, one per process-enumeration event; the 64 entries are identical.)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://flingtrainer.com/tag/dragon-ball-z-kakarot

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:972 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 flingtrainer.com udp
US 104.21.35.160:443 flingtrainer.com tcp
US 104.21.35.160:443 flingtrainer.com tcp
US 104.21.35.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 172.67.177.160:443 flingtrainer.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.27.155:443 stats.g.doubleclick.net tcp
NL 142.250.27.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

memory/2012-54-0x0000000001C70000-0x0000000001CA2000-memory.dmp

memory/2012-55-0x00000000024EC000-0x000000000250B000-memory.dmp

memory/2012-56-0x00000000024EC000-0x000000000250B000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 f52c62cd342ecab74df733e90777db4c
SHA1 b0b8c50a110f9f278f51768663dddfe375546517
SHA256 a721740583dbc33f321d2d3ba435de82fe1d325b69fdd824cc348e7b1ff64f89
SHA512 b722e16f5404e9c3b5988e4e8f33dfcf3a989e12c9f5e5e4600544b04e8df61a3dffcc6f261ec980f8e786c8714e5487cd9887fb666b6a7dfd29e9be184d9b6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 ce6e444ed50fdde4225048e6a38735dd
SHA1 bd11837a2d0479bb4ff67e620b535fe5c837aa78
SHA256 f041e8d3c5f1951d19c6a03171c00b8e8af946162fb380111dd26052b2118be4
SHA512 f1c9ece690b43870128424357934c1665a22353dd04257cdccf93ed34c87b341c880efac388a725fbbd9ed6c4839fb6cc4652be2aa5bd4ae77b8bdcdde951cb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_05ED48EBCAD3CF1C57469DA2AC7B214B

MD5 e6bfb75272dcd99e4c743ffc1b332c9b
SHA1 fc273e463f921daf51ad55fa8e5fad5f7e798641
SHA256 d66ea8fc2ebd44ee2ba9f20f7ee7a3da98aebed52ed1d644ecad40c8927027c7
SHA512 e71f6203f83b839dc48c6325823d8922620bc11f84179e7509acbcaea2e84af36334190a1d3de0ae16101ad3784d9d8b40f74225187969e7984859db6ae1a367

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_05ED48EBCAD3CF1C57469DA2AC7B214B

MD5 53abdc45c1a134121aaebb3612781d73
SHA1 68cb11aa3bcb7568f49402074412ced31a1ebc7a
SHA256 f8b5e93e3a26d2f41edc42ea9d3262726bcb876bd938ad2236a9aab16278ba73
SHA512 d1af482854aacfe3da513d55521ae25e92516f552fbad9a1aaecff271045958d0b35d268d57209b029a62936ee52f3755c90b804211f7a153fb0e5e39e2aee97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 032cd9aa51a615f48092b5b87de46a7e
SHA1 f8ce5560d14491fcb768817c581eb9d3d9a7470f
SHA256 737767a676313e2f70ed1e42bc875b18ff351d2c79504d73266648d1bd1895cf
SHA512 da013f0f3733d7c761d4b45112c4d3f50c64ce9075ed3cdd0c71ea071c1d6735bd05e415b71efdd6eb3789c2722d53fa6f80527413c738cbc4459fade5a86435

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat

MD5 3620383de14da28e3152e4be049125c6
SHA1 f24e7356208199de846b825c6e7e5000ba71b271
SHA256 2c2fe9e757691cd2c05c3ef470e2e7c2a22c8b07a8e27ae8b9779f6d73339a31
SHA512 51cb018a9aeb11bbc71cba82019d91976c6632cd592b6916d5060119b7873d4802e9ab6422a00ee1dc25a66f2bf18c0c4f85e170fb3a975a770c789c1c3a0c6e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KI43NRHK.txt

MD5 5751b4421a00f47ad8cd5d043a6c90f8
SHA1 b11389b16afd301f8641df897f822223c40702d0
SHA256 d797029054aba69c51156d2c44d40a1b420cb3b0cd2b3290dbc7bdaeca7b129f
SHA512 603a000ded9056266e54e8d6b485e8eb8174c8abd01232eaf62cb1d3e58daa2f1da118db5611c18ad60a1187f1e6d197586e643db46c52037e9f45599aafb948

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-10 16:09

Reported

2023-02-10 16:13

Platform

win10v2004-20221111-en

Max time kernel

138s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 416 -p 4840 -ip 4840

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4840 -s 1164

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 508 -p 4840 -ip 4840

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4840 -s 1164

Network

Country | Destination | Domain | Proto
US | 8.248.7.254:80 | (none) | tcp
US | 93.184.220.29:80 | (none) | tcp
US | 8.248.7.254:80 | (none) | tcp
NL | 88.221.25.154:80 | (none) | tcp
NL | 88.221.25.154:80 | (none) | tcp
NL | 104.80.225.205:443 | (none) | tcp
IE | 20.50.73.9:443 | (none) | tcp
US | 204.79.197.200:443 | (none) | tcp
NL | 8.238.177.126:80 | (none) | tcp
US | 8.248.7.254:80 | (none) | tcp
US | 8.248.7.254:80 | (none) | tcp
US | 8.248.7.254:80 | (none) | tcp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp

Files

memory/4840-132-0x00007FFB80490000-0x00007FFB80F51000-memory.dmp

memory/4840-133-0x00007FFB80490000-0x00007FFB80F51000-memory.dmp