a3b64e0493c8e9f98b780127d50becb82f6aa268b455219e9270b5d7c104875f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:11

Target

Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe
Size

1.4MB
MD5

f28c0ceb4a1c2245f3130e51a1b1ab47
SHA1

abbb49bfc6e897c00af55e7196d97f6b7aa6b350
SHA256

ae61ac07081e736748923fd4d5ef8282377b6426aa1b403ab45186b9b583b6e8
SHA512

1a9071431eb00aae8fdc543381e4ba45141739adf5961c3693994f57acec74837e864ad5474f1c747c547acd74307cbb46f38b10b7ef35ca201e0474b5ae6271
SSDEEP

24576:8tFS4j1cVPdZ8bBHeNxfMCrMhvHyZkno8DSdAqKWbJ7:eriVabB+NeCANRofV7

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3016	Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3016	Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2672	3016	Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe	28
PID 3016 wrote to memory of 2672	3016	Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe	28
PID 3016 wrote to memory of 2672	3016	Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe	28

C:\Users\Admin\AppData\Local\Temp\Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Final Fantasy VII Remake Intergrade v1.0 Plus 24 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3016 -s 916
  2⤵
  PID:2672

memory/3016-0-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/3016-1-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/3016-2-0x0000000000440000-0x000000000047E000-memory.dmp

Filesize
248KB

Download
memory/3016-3-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/3016-4-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/3016-5-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/3016-9-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/3016-10-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/3016-11-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download