Overview

overview

10

Static

static

10

Hogwarts L...er.exe

windows7-x64

1

Hogwarts L...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    267s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2023, 01:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Hogwarts Legacy v1.0 Plus 22 Trainer.exe

  • Size

    1.5MB

  • MD5

    27344d8439934ef053013751a0f6989a

  • SHA1

    6b9eef0949931715ae47fb4db620a6136919eb6b

  • SHA256

    af55150d2915c8dac1063378fb872096443fa630b3d234a4008e18043ff992c7

  • SHA512

    646ed33d9d89fef0f5680e0d4a2e5bf072708763fb39a070368b9697b3c95ce845ee0cd4e4678de92fc52826655610bcfa82f108bc99adff133c66ae5e007528

  • SSDEEP

    24576:c3HIOFyr/LI8O6jXV5TIHvNJyxG7peDSVXT5XfeGQzya:2ArbOWl5CvLAGdzXT5Xfeh1

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:580

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/580-54-0x0000000001D30000-0x0000000001D62000-memory.dmp

          Filesize

          200KB

          Download

        • memory/580-56-0x0000000001D20000-0x0000000001D2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/580-55-0x0000000001D20000-0x0000000001D2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/580-57-0x000000001B0CA000-0x000000001B0E9000-memory.dmp

          Filesize

          124KB

          Download

        • memory/580-59-0x0000000001D20000-0x0000000001D2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/580-58-0x0000000001D20000-0x0000000001D2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/580-60-0x000000001B0CA000-0x000000001B0E9000-memory.dmp

          Filesize

          124KB

          Download