Overview

overview

10

Static

static

10

3fb3e18f97...26.rar

windows7-x64

3

3fb3e18f97...26.rar

windows10-2004-x64

7

Baldurs Ga...er.exe

windows7-x64

1

Baldurs Ga...er.exe

windows10-2004-x64

1

游侠网�...��.url

windows7-x64

1

游侠网�...��.url

windows10-2004-x64

1

游侠网�...��.url

windows7-x64

1

游侠网�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Baldurs Gate 3 v4.1.1 Plus 21 Trainer.exe

  • Size

    1.7MB

  • MD5

    57d5f54c3cc37156709ecd48cf1a4209

  • SHA1

    9e1d28d83c73574220b2b19c3f57da01b1c80d95

  • SHA256

    c9931125409f9b8da1add53fda4076edc5b2ba5666fff41a253e290aa134edfe

  • SHA512

    e95ca46b0d696ed6da361addb8d021e451c0ef04dd9321e6eb7f84283ff2c0503d12e28e23bf77fec1ddbb701d721caa5331ecbfb2f8d9d544f4b1aea90ea6b0

  • SSDEEP

    24576:o/++Y+IwoslWiJ1OSY+K4nfBkK31iCnG3DSVXT5Xgaya:odAwoslj1OS9K4nfmCHXT5Xga1

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 21 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 21 Trainer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4724-0-0x0000018F64F90000-0x0000018F64FC4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4724-3-0x0000018F7DA40000-0x0000018F7DA50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4724-2-0x0000018F7DA40000-0x0000018F7DA50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4724-1-0x00007FFE65500000-0x00007FFE65FC1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4724-4-0x0000018F7DA40000-0x0000018F7DA50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4724-5-0x0000018F7F360000-0x0000018F7F368000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4724-7-0x0000018F7F370000-0x0000018F7F37E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4724-6-0x0000018F7F3B0000-0x0000018F7F3E8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4724-20-0x00007FFE65500000-0x00007FFE65FC1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4724-21-0x0000018F7DA40000-0x0000018F7DA50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4724-22-0x0000018F7DA40000-0x0000018F7DA50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4724-23-0x0000018F7DA40000-0x0000018F7DA50000-memory.dmp

    Filesize

    64KB

    Download