2b2ff0f08c60f44ce321573ce0f00a44e336538775735a8f5d6644a12b46124f

Analysis

max time kernel
47s
max time network
48s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
25-05-2023 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlayniteInstaller.exe
Size

248KB
MD5

216721738f08fbd3b233e07619950619
SHA1

08c9849bfc78aa4f8f358cbf2301598fdb48620f
SHA256

2b2ff0f08c60f44ce321573ce0f00a44e336538775735a8f5d6644a12b46124f
SHA512

24d6f3e6cd9b823169cdcce8977f03b38a7b9579ff8c65257570de9aeb440cf966fc2c571d9de363d10eead47a49c58bf4d55f9ae2860a0fea76cc84e77426cf
SSDEEP

3072:xNi5RzqbBZCKzSU/8+xFO0AtqtCi2yJir3YgECNWmkCK2yJir3YgECNWmTN8lQx1:7iDzqfoKtO0Atq6Z

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2028	PlayniteInstaller.exe

C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-54-0x0000000000250000-0x0000000000290000-memory.dmp

Filesize
256KB

Download
memory/2028-55-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download
memory/2028-56-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/2028-57-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download
memory/2028-58-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download
memory/2028-59-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download