56955378e61028ec4b41b3fc7f0f1b70d26ef7dadced8ce5845a6fbaa3233dac

General

Target

Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
Size

78KB
MD5

163ac5f5d72546cd7e4faddb77310e1e
SHA1

7c07a0900de8a567fd3af74792d8175a490c6521
SHA256

2e2308368370aeaf1137f3c68f0cb563ae7b221f2e8a36afa015d11b7017134d
SHA512

efea2f6ff5336b04a6a0d5cdb0794c5728108f0d40c52b325b088f94bcdf8236471a87f7ba3fe85d318209a75b8cf8c3fdf69ed5c6722e320fdc5914c5bb0e15
SSDEEP

1536:zGvbCpEPTSy1z32XWHeaLcqm8hfGmaVnKMKlvk:tpE+Ej2XI9hfGmYnzO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe

pid	process
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 444 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 444 AUDIODG.EXE

description	pid	process
Token: 33	444	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	444	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe

pid	process
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
1108	Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe

C:\Users\Admin\AppData\Local\Temp\Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe
"C:\Users\Admin\AppData\Local\Temp\Batman_Arkham_Asylum_V1.0_Plus_4_Trainer_By_KelSat.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-133-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-134-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-135-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-136-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-137-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-138-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-139-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-140-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-141-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-142-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-143-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-144-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-145-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-146-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-147-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1108-148-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download

Analysis

Sharing