Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10/01/2024, 20:53

General

  • Target

    Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe

  • Size

    1.6MB

  • MD5

    9eb3b38bd9dee6e4be8dd36224a7618a

  • SHA1

    6d11f59ed760cf2432c8804dd70b159d4f7f9224

  • SHA256

    e016e8ea4579a75ee1f69e7b61f3e3c9e796c5e8a695f7faddd8e56340a704ca

  • SHA512

    6d6a61a207811b49a4065a686a2c9a593fcfbfcef879967e40d037799971193fe71328d1eecfca49f18bd09a25be38005dde2a6c5170d1ffdb42d4309e19b272

  • SSDEEP

    24576:FF5ZByB6eTzAdZZ9aaF1dEIWXDSuQeg0Z//QpZ38mYL:1a68zYzcaFvEIY0Y/cG

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3532
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x510 0x4f0
    • Suspicious use of AdjustPrivilegeToken
    PID:2988

Network

MITRE ATT&CK Matrix