Overview

overview

10

Static

static

10

3fb3e18f97...26.rar

windows7-x64

3

3fb3e18f97...26.rar

windows10-2004-x64

7

Baldurs Ga...er.exe

windows7-x64

1

Baldurs Ga...er.exe

windows10-2004-x64

1

游侠网�...��.url

windows7-x64

1

游侠网�...��.url

windows10-2004-x64

1

游侠网�...��.url

windows7-x64

1

游侠网�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    1s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Baldurs Gate 3 v4.1.1 Plus 21 Trainer.exe

  • Size

    1.7MB

  • MD5

    57d5f54c3cc37156709ecd48cf1a4209

  • SHA1

    9e1d28d83c73574220b2b19c3f57da01b1c80d95

  • SHA256

    c9931125409f9b8da1add53fda4076edc5b2ba5666fff41a253e290aa134edfe

  • SHA512

    e95ca46b0d696ed6da361addb8d021e451c0ef04dd9321e6eb7f84283ff2c0503d12e28e23bf77fec1ddbb701d721caa5331ecbfb2f8d9d544f4b1aea90ea6b0

  • SSDEEP

    24576:o/++Y+IwoslWiJ1OSY+K4nfBkK31iCnG3DSVXT5Xgaya:odAwoslj1OS9K4nfmCHXT5Xga1

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 21 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 21 Trainer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    8KB

    MD5

    68c23ffe217cab74a92287306bc13adb

    SHA1

    072a05151a9c2ab603f1348b218e2d3dc63a3e9e

    SHA256

    d98c5ee713d7a5deb38af6553ffd18c556bdbfd43a31308f678d011a097ceb52

    SHA512

    a661a2e07fe222b876551c3c651ff31443e2dba9ee12583f7e7e6f1def941285d5f243fb64c83ede3dcd5e9caf78fc006a933d42d9d9d2f3345c6150e2d459d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e78cc8a173e760821de5018dcd46ecbd

    SHA1

    f31632a5debb049aecc346bc62a2342ab001d353

    SHA256

    4942ee3efc89fbe0c561825f0474864515811e009c9b1c56394ba418684108e8

    SHA512

    37f2320974863333c5a510b335a1da88c295edfd2e0977e7f7de8f0ac99d0010f3513b51f5362fccc34b86fef61f84792571f1d155cabd370bb3d9cc89333615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    cbe5fbd1773273bae807703fa274cf7e

    SHA1

    d0d9811a4a976ef88118e1e72cd953edf81504e0

    SHA256

    f521f6dfccafa0d8e90300dc37ec2338518e429e76342297252b3cf732ef17c0

    SHA512

    e51cc2ff5eccf5fe20ae22121cf4b50129ed3db87c8210f0c2c18c482dea028194eaba8a920ece7507f090581ec8f74fce3d67978f940ea564144b3a48acaac8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar152B.tmp
    Filesize

    112KB

    MD5

    0370452cef1f1e8fc8954ce3534ccdc1

    SHA1

    d46d042be8cdcaa055194bd0bb0f65d3b7edfdf2

    SHA256

    c406c49dcb36153e38519a786968688fbfae93df5054f1861e055c0e5cf4a1c5

    SHA512

    4f4f5415166b8b1efecae3c88d70961a1d844e3905436a79652d5a70e8ef1dab50f5521f7c771a12b483091ed5dd3d893481015812fe26f928294d9b627e72bc

    Download Submit

  • memory/2928-4-0x0000000000490000-0x000000000049A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-2-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-10-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-3-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-5-0x0000000000490000-0x000000000049A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-6-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-1-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2928-0-0x0000000000240000-0x0000000000274000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2928-141-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2928-142-0x000000001B040000-0x000000001B0C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-144-0x0000000000490000-0x000000000049A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-143-0x0000000000490000-0x000000000049A000-memory.dmp

    Filesize

    40KB

    Download