b2e716c5f45873bc7504493a24f872073a97782f7c8f18f586915a6cd0a8c106

Analysis

max time kernel
152s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2023 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Starfield v1.0 Plus 36 Trainer.exe
Size

1.6MB
MD5

749f62dbd4c5605b1bf3f985dfd22380
SHA1

06cd246b5b753fb824ca3636daf9f30494db0bca
SHA256

b2e716c5f45873bc7504493a24f872073a97782f7c8f18f586915a6cd0a8c106
SHA512

13ec54499c0f2af7d1b520fbe406bf62d2e5a15f6cebfed5ef99bbf61def1a89b65720e7e4c5a943eb49ea03b607f08ac5b6027f82ff77e4ab9d0aaeb99670ad
SSDEEP

49152:LJwj/5W2CuuEnm6MwHzBxusZQXT5Xq51:Mjm6MoGjD5y1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe
3800	Starfield v1.0 Plus 36 Trainer.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3800	Starfield v1.0 Plus 36 Trainer.exe
Token: SeDebugPrivilege	3800	Starfield v1.0 Plus 36 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Starfield v1.0 Plus 36 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Starfield v1.0 Plus 36 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3800-0-0x000002632BA50000-0x000002632BA84000-memory.dmp

Filesize
208KB

Download
memory/3800-1-0x00007FF9F68C0000-0x00007FF9F7381000-memory.dmp

Filesize
10.8MB

Download
memory/3800-3-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-2-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-4-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-5-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-6-0x0000026349810000-0x0000026349818000-memory.dmp

Filesize
32KB

Download
memory/3800-7-0x0000026349890000-0x00000263498C8000-memory.dmp

Filesize
224KB

Download
memory/3800-8-0x0000026349860000-0x000002634986E000-memory.dmp

Filesize
56KB

Download
memory/3800-21-0x00007FF9F68C0000-0x00007FF9F7381000-memory.dmp

Filesize
10.8MB

Download
memory/3800-22-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-23-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-24-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-25-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download
memory/3800-26-0x000002632BB00000-0x000002632BB10000-memory.dmp

Filesize
64KB

Download