dad77209dea88cae7c63804e081920c411c3656d4f787174ad3f2c1de876bd1c

Analysis

max time kernel
143s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2023 17:25

Target

Mount and Blade II Bannerlord v1.0-v1.1.0 Plus 33 Trainer.exe
Size

1.6MB
MD5

09c3035eada95859a50bcbfb724c12e7
SHA1

3a57b3edaa815963ce836b95113a5cd3e7e4990f
SHA256

dad77209dea88cae7c63804e081920c411c3656d4f787174ad3f2c1de876bd1c
SHA512

29536b4cd70b783566f53696236f28e5c57c4de5498847f948b5ab3fa867cb382fa7c32bd6913cab52e885058e64b7b2ac70fb8b93f743129b4522f882e1115f
SSDEEP

24576:Dx90EHDoN8ZyNi5sXlyE3Zpjbs5HyaViYcDSVXT5XsM1:9PHSyYi6cEzg5H1jXT5XR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4420	2552	WerFault.exe	83

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2552	Mount and Blade II Bannerlord v1.0-v1.1.0 Plus 33 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Mount and Blade II Bannerlord v1.0-v1.1.0 Plus 33 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Mount and Blade II Bannerlord v1.0-v1.1.0 Plus 33 Trainer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2552 -s 1660
  2⤵
  - Program crash
  PID:4420

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 2552 -ip 2552
1⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\FLiNGTrainer.tmp

Filesize
183KB

MD5
9d2940e9cdc66572d9a4d9954eccf8c1

SHA1
73b30dd1a9a70b96f0bfe880aa51c2fd04e0500a

SHA256
53bf7c86ab01c763ce63acb0aa3f2956be836f6af0421fef0a909e22b037fbcc

SHA512
ad1048809cf2baa77bec3ec61bfd28db942705db8c2648e613c2efcf6d1849ef470c13c36d33277dd53fbe53a55865855d114ca33df1b852f813c191bc9e78f2

Download Submit
memory/2552-135-0x0000022C7D2A0000-0x0000022C7D2D4000-memory.dmp

Filesize
208KB

Download
memory/2552-138-0x00007FFC8A1E0000-0x00007FFC8ACA1000-memory.dmp

Filesize
10.8MB

Download
memory/2552-139-0x0000022C7DD10000-0x0000022C7DD20000-memory.dmp

Filesize
64KB

Download
memory/2552-140-0x0000022C7DD10000-0x0000022C7DD20000-memory.dmp

Filesize
64KB

Download
memory/2552-141-0x0000022C7DD10000-0x0000022C7DD20000-memory.dmp

Filesize
64KB

Download
memory/2552-142-0x0000022C7FF70000-0x0000022C7FF78000-memory.dmp

Filesize
32KB

Download
memory/2552-144-0x00007FFC8A1E0000-0x00007FFC8ACA1000-memory.dmp

Filesize
10.8MB

Download