Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/04/2023, 21:21 UTC

General

  • Target

    God of War v1.0-v1.0.2 Plus 15 Trainer.exe

  • Size

    1.4MB

  • MD5

    9faacd1a138c7b8835ef20c59ac21108

  • SHA1

    9d2273ffa0a4feca417aa77745b1c31931d67973

  • SHA256

    4ec7dfe3818d650ed9adc12dc8127adb656bfcb42b779b7a4536502f291ce175

  • SHA512

    14b0e1ad0a9db3f455723215b7467275c944370d18cce691706f8c368fcf806d7d3741af74c383334746239bf8cd7d58ae42c732a59dbb4aac2347c90c4c089a

  • SSDEEP

    24576:bQdnyqwGxVsxD9m02dT4hqJDDfyNYpXDSv5bJ7:WeGHsxxmNEhq9qNYp+V7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\God of War v1.0-v1.0.2 Plus 15 Trainer.exe"
    PID: 1052 (root of the process tree; no child processes were recorded)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

  • DNS (US)
    flingtrainer.com
    God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    104.21.35.160
    flingtrainer.com
    IN A
    172.67.177.160
  • GET (US)
    https://flingtrainer.com/wp-content/check-for-trainer-update/god-of-war-trainer
    God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    Remote address:
    104.21.35.160:443
    Request
    GET /wp-content/check-for-trainer-update/god-of-war-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Apr 2023 21:21:52 GMT
    Content-Length: 11
    Connection: keep-alive
    last-modified: Sun, 20 Nov 2022 22:43:53 GMT
    etag: "b-5edeeac67390f"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6Zg%2BjxQApAFxyNhko37rJyzkZMpaqQWhs9RR4s6OBqRNLwvTOhsDbeLxDwGdh1bE95mrXOrLw1lbBsnFhdL1k3RpmGAh9q8QJsLD%2B%2FbB3q6qoaJsPcis8g5QcP4a7Nlw90N"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7bea1e1b3a490b6c-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • GET (US)
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    Remote address:
    104.21.35.160:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Thu, 27 Apr 2023 21:21:52 GMT
    Content-Length: 6
    Connection: keep-alive
    last-modified: Sat, 13 Feb 2021 01:32:39 GMT
    etag: "6-5bb2dba77b7fa"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cuzr1SbRMl3WLDq5yHL5q3wA9jRW%2BgYdy9Ffdo3SQXlvjUcXVaF5HSXDll8brBW2J05QJfWmLfZcnMPAs8JwGOFMs3HlH0Xwcio6I4%2FFMawY40lX0Ho4q%2Bu9Eh8vm54Q8%2FF5"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7bea1e1dab8d0a70-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • 104.21.35.160:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/god-of-war-trainer
    tls, http
    God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    896 B
    7.5kB
    9
    11

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/god-of-war-trainer

    HTTP Response

    200
  • 104.21.35.160:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    tls, http
    God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    896 B
    7.5kB
    9
    11

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update

    HTTP Response

    200
  • 8.8.8.8:53
    flingtrainer.com
    dns
    God of War v1.0-v1.0.2 Plus 15 Trainer.exe
    62 B
    94 B
    1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    104.21.35.160
    172.67.177.160
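
The only network activity in the report is the trainer's own update check: two GETs to flingtrainer.com under /wp-content/check-for-trainer-update/ with a fixed custom User-Agent (FLiNGTrainer), answered with 11- and 6-byte bodies and no-store cache headers, which is what a version/flag string looks like rather than a download. The sandbox shows the request and response headers of an HTTPS exchange, so it terminated TLS itself; on a real network only the TLS SNI is visible. The script below is an added example (not tria.ge's code and not the trainer author's): it parses a constructed copy of the request lines and the relevant response headers from the report, extracts the IOCs a hunter would pivot on, classifies each exchange, and emits two Suricata rules, one on the User-Agent (needs visible HTTP) and one on the SNI (works on the encrypted session). The 64-byte "tiny body" threshold and the sid values are assumptions for the example.

```python
"""Extract network IOCs from the two HTTP exchanges in the report and emit
Suricata rules for them.  Added example, not code from tria.ge or from the
trainer's author.  TRANSCRIPT is a constructed copy of the request lines
and the response headers that matter, as shown in the report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed from the report: request line + headers, then status line +
# the header we act on.  Bodies are not shown by the sandbox, only their
# Content-Length (11 and 6 bytes).
TRANSCRIPT = """\
GET /wp-content/check-for-trainer-update/god-of-war-trainer HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com

HTTP/1.1 200 OK
Content-Length: 11
Cache-Control: no-cache, no-store, must-revalidate

GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com

HTTP/1.1 200 OK
Content-Length: 6
Cache-Control: no-cache, no-store, must-revalidate
"""


@dataclass
class Exchange:
    method: str
    host: str
    path: str
    user_agent: str
    status: int
    content_length: int


def _headers(lines: list[str]) -> dict[str, str]:
    """Header names are case-insensitive; normalise them to lower case."""
    out = {}
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            out[name.strip().lower()] = value.strip()
    return out


def parse_transcript(text: str) -> list[Exchange]:
    """Blocks are separated by blank lines and alternate request/response."""
    blocks = [b for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]
    exchanges = []
    for req, resp in zip(blocks[0::2], blocks[1::2]):
        req_lines, resp_lines = req.splitlines(), resp.splitlines()
        method, path, _ = req_lines[0].split(" ", 2)
        rq, rs = _headers(req_lines[1:]), _headers(resp_lines[1:])
        exchanges.append(Exchange(
            method=method,
            host=rq.get("host", ""),
            path=path,
            user_agent=rq.get("user-agent", ""),
            status=int(resp_lines[0].split(" ", 2)[1]),
            content_length=int(rs.get("content-length", "0")),
        ))
    return exchanges


def is_version_probe(e: Exchange, max_body: int = 64) -> bool:
    """A 200 to a GET with a body of a few bytes is a version/flag string,
    not a payload download.  The 64-byte threshold is an assumption."""
    return e.method == "GET" and e.status == 200 and e.content_length <= max_body


def iocs(exchanges: list[Exchange]) -> dict[str, list[str]]:
    """Host, full URLs and the custom User-Agent: the values worth pivoting on."""
    return {
        "hosts": sorted({e.host for e in exchanges}),
        "urls": [f"https://{e.host}{e.path}" for e in exchanges],
        "user_agents": sorted({e.user_agent for e in exchanges}),
    }


def suricata_rules(user_agent: str, sni: str, base_sid: int = 1000001) -> list[str]:
    """Two rules.  The User-Agent rule only fires where HTTP is visible (plain
    HTTP, or a TLS-terminating proxy/sandbox); the SNI rule works on the
    encrypted session as seen on a normal network.  sids are local-range
    placeholders (assumption)."""
    ua_rule = (f'alert http any any -> any any (msg:"FLiNG trainer update check (UA)"; '
               f'http.user_agent; content:"{user_agent}"; nocase; '
               f'classtype:policy-violation; sid:{base_sid}; rev:1;)')
    sni_rule = (f'alert tls any any -> any any (msg:"FLiNG trainer update check (SNI)"; '
                f'tls.sni; content:"{sni}"; nocase; '
                f'classtype:policy-violation; sid:{base_sid + 1}; rev:1;)')
    return [ua_rule, sni_rule]
```

Run it with `parse_transcript(TRANSCRIPT)` and feed the result to `iocs` and `is_version_probe`; both exchanges classify as version probes, and `suricata_rules("FLiNGTrainer", "flingtrainer.com")` gives the two rules. A fixed, vendor-specific User-Agent like this one is a convenient fingerprint in both directions: it lets a defender allow-list or flag the traffic cheaply, and it lets anyone on the path tell which product is phoning home.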

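The byte counts in the flow table can be checked rather than taken on trust. The DNS flow to 8.8.8.8 is small enough to rebuild exactly: a query for flingtrainer.com is 34 bytes of DNS payload and the two-A-record answer is 66 bytes, and both sit exactly 28 bytes (20-byte IPv4 header plus 8-byte UDP header) under the report's 62 B and 94 B, which tells you the table counts IP-layer bytes, not Ethernet frames. The code below is an added example, not tria.ge code; it builds the query and response per RFC 1035 (standard name compression in the answers, a TTL that the report does not show and that does not affect the size), computes the flow sizes, and parses the A records back out. The 28-byte framing overhead assumes IPv4 without options.

```python
"""Rebuild the flingtrainer.com lookup on the wire and check it against the
62 B sent / 94 B received that the report lists for the 8.8.8.8:53 flow.
Added example, not tria.ge code.  Layout follows RFC 1035.  The IPv4+UDP
overhead (20 + 8 bytes, no IP options) is an assumption that the numbers
confirm: the 34-byte query and 66-byte response are exactly 28 bytes short
of the report's figures, so the table counts IP-layer bytes (Ethernet
framing would add 14 more)."""
import ipaddress
import struct

IPV4_UDP_OVERHEAD = 20 + 8  # minimal IPv4 header + UDP header (assumption)
REPORT_ANSWERS = ["104.21.35.160", "172.67.177.160"]  # A records from the report


def encode_name(name: str) -> bytes:
    """Length-prefixed labels, NUL-terminated: 'flingtrainer.com' -> 18 bytes."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dns_query(name: str, txid: int = 0x1234) -> bytes:
    # header: id, flags (RD set), QDCOUNT=1, AN/NS/AR=0; then QNAME, QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def dns_response(name: str, addrs: list, ttl: int = 300, txid: int = 0x1234) -> bytes:
    # flags 0x8180 = response, RD, RA.  Each answer names its owner with a
    # 2-byte pointer (0xC00C) back to the question name, as resolvers do,
    # so one A RR is 2 + 2 + 2 + 4 + 2 + 4 = 16 bytes.  The TTL is not in
    # the report and does not change the size.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(a).packed
        for a in addrs
    )
    return header + question + answers


def flow_bytes(name: str, addrs: list) -> tuple:
    """(bytes sent, bytes received) as the flow table counts them."""
    return (len(dns_query(name)) + IPV4_UDP_OVERHEAD,
            len(dns_response(name, addrs)) + IPV4_UDP_OVERHEAD)


def _skip_name(buf: bytes, off: int) -> int:
    """Advance past a name, whether written out in full or ending in a pointer."""
    while True:
        ln = buf[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:  # compression pointer: 2 bytes, terminates the name
            return off + 2
        off += 1 + ln


def parse_a_records(resp: bytes) -> list:
    """Pull the A records back out of a response (the same check in reverse)."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(resp[off:off + 4])))
        off += rdlen
    return addrs


if __name__ == "__main__":
    print(flow_bytes("flingtrainer.com", REPORT_ANSWERS))  # (62, 94)
    print(parse_a_records(dns_response("flingtrainer.com", REPORT_ANSWERS)))
```

The same arithmetic is a quick sanity check on any sandbox flow table: if a DNS flow's byte count does not fit header + question + N answers plus the framing overhead, the resolver either added records (EDNS OPT, CNAME chain) or the table is counting at a different layer than you assumed.
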
MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\FLiNGTrainer\TrainerSettings.ini

    Filesize

    29B

    MD5

    100ad43a6e39d44013fad7f3aa343e3b

    SHA1

    dc8050bdee8a74354cb4a2057e4e703e7a460943

    SHA256

    a7b15ee77dd0db946e7fdbf574889bd30c23fa3d7bff6d509df118595ee14ec5

    SHA512

    20f9b26416804f917d0642d35de32ccae0849c34bff4eb75c6450b1ee83756f3275850101d7482eb59c78356b1489c2d4db6cd95ae9b72b64d5eeab700d36ba8

  • memory/1052-54-0x0000000001D20000-0x0000000001D5E000-memory.dmp

    Filesize

    248KB

  • memory/1052-56-0x000000001AEF0000-0x000000001AF70000-memory.dmp

    Filesize

    512KB

  • memory/1052-55-0x000000001AEF0000-0x000000001AF70000-memory.dmp

    Filesize

    512KB

  • memory/1052-57-0x000000001AEF0000-0x000000001AF70000-memory.dmp

    Filesize

    512KB

  • memory/1052-61-0x000000001AEF0000-0x000000001AF70000-memory.dmp

    Filesize

    512KB

  • memory/1052-82-0x000000001AEF0000-0x000000001AF70000-memory.dmp

    Filesize

    512KB
