0d4b0737001b931a214fc447adf75836aca3ca69d2929510a424fee7f619dd23

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2023 09:26

Target

Mount and Blade II Bannerlord Early Access Plus 33 Trainer Updated 2021.12.15.exe
Size

1.3MB
MD5

9d46046e8e10f24ff6df4cfc5888da51
SHA1

3633c2a6a71055280338df9608de072546811d35
SHA256

169bded3a2e34ecb9a8a8e7dc565d7171eae39dce8c851815e3c1ffcd266e510
SHA512

24012658b195d0c1887064aaac7a19fe6f64c2553487e466aec214161b160f268aae51973e1ae44b1d56b4ad75a98b6c298ff05b25d2b9932394a3ac2598bb31
SSDEEP

24576:dbxGRIUx2m+IPEq1HmlUlNOi680Jlc/bJ7MiYoDS43:dICAn+IseLPMoV71

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3636	Mount and Blade II Bannerlord Early Access Plus 33 Trainer Updated 2021.12.15.exe

C:\Users\Admin\AppData\Local\Temp\Mount and Blade II Bannerlord Early Access Plus 33 Trainer Updated 2021.12.15.exe
"C:\Users\Admin\AppData\Local\Temp\Mount and Blade II Bannerlord Early Access Plus 33 Trainer Updated 2021.12.15.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3636

memory/3636-0-0x000001F015960000-0x000001F015992000-memory.dmp

Filesize
200KB

Download
memory/3636-1-0x00007FFDC1DD0000-0x00007FFDC2891000-memory.dmp

Filesize
10.8MB

Download
memory/3636-2-0x000001F02E4F0000-0x000001F02E500000-memory.dmp

Filesize
64KB

Download
memory/3636-3-0x000001F02E4F0000-0x000001F02E500000-memory.dmp

Filesize
64KB

Download
memory/3636-4-0x000001F02E4F0000-0x000001F02E500000-memory.dmp

Filesize
64KB

Download
memory/3636-5-0x000001F02E4F0000-0x000001F02E500000-memory.dmp

Filesize
64KB

Download
memory/3636-6-0x000001F02E4F0000-0x000001F02E500000-memory.dmp

Filesize
64KB

Download
memory/3636-7-0x00007FFDC1DD0000-0x00007FFDC2891000-memory.dmp

Filesize
10.8MB

Download