Malware Analysis Report

2025-01-02 06:56

Sample ID 230212-byg6gaad68
Target Hogwarts Legacy v1.0 Plus 22 Trainer.exe
SHA256 af55150d2915c8dac1063378fb872096443fa630b3d234a4008e18043ff992c7
Tags: r77
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

af55150d2915c8dac1063378fb872096443fa630b3d234a4008e18043ff992c7

Threat Level: Known bad

The file Hogwarts Legacy v1.0 Plus 22 Trainer.exe was found to be: Known bad.

Malicious Activity Summary

r77

R77 family

r77 rootkit payload

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-12 01:33

Signatures

R77 family

r77

r77 rootkit payload

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-12 01:33

Reported

2023-02-12 01:36

Platform

win7-20220812-en

Max time kernel

151s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe"

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe"

Network

Country  Destination          Domain            Proto
US       8.8.8.8:53           flingtrainer.com  udp
US       172.67.177.160:443   flingtrainer.com  tcp
US       172.67.177.160:443   flingtrainer.com  tcp

Files

memory/1476-54-0x0000000001CC0000-0x0000000001CF2000-memory.dmp

memory/1476-56-0x0000000001CA0000-0x0000000001CAA000-memory.dmp

memory/1476-55-0x0000000001CA0000-0x0000000001CAA000-memory.dmp

memory/1476-57-0x00000000028EA000-0x0000000002909000-memory.dmp

memory/1476-58-0x0000000001CA0000-0x0000000001CAA000-memory.dmp

memory/1476-59-0x00000000028EA000-0x0000000002909000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-12 01:33

Reported

2023-02-12 01:36

Platform

win10v2004-20220812-en

Max time kernel

159s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe"

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Hogwarts Legacy v1.0 Plus 22 Trainer.exe"

Network

Country  Destination          Domain            Proto
NL       8.253.208.113:80                       tcp
US       67.27.153.254:80                       tcp
US       8.8.8.8:53           flingtrainer.com  udp
US       172.67.177.160:443   flingtrainer.com  tcp
US       93.184.220.29:80                       tcp
US       172.67.177.160:443   flingtrainer.com  tcp
US       93.184.220.29:80                       tcp
US       93.184.221.240:80                      tcp
US       93.184.221.240:80                      tcp
US       93.184.220.29:80                       tcp
US       20.42.65.84:443                        tcp
US       172.67.34.170:443                      tcp
US       172.67.177.160:443   flingtrainer.com  tcp
US       172.67.177.160:443   flingtrainer.com  tcp
US       104.21.35.160:443    flingtrainer.com  tcp
NL       8.253.208.113:80                       tcp
NL       8.253.208.113:80                       tcp
NL       8.238.20.254:80                        tcp

Files

memory/800-132-0x0000018C67B40000-0x0000018C67B72000-memory.dmp

memory/800-133-0x00007FF833AC0000-0x00007FF834581000-memory.dmp

memory/800-134-0x0000018C714E0000-0x0000018C714E8000-memory.dmp

memory/800-135-0x0000018C70140000-0x0000018C70178000-memory.dmp

memory/800-136-0x0000018C70110000-0x0000018C7011E000-memory.dmp

memory/800-137-0x00007FF833AC0000-0x00007FF834581000-memory.dmp