Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
10/01/2024, 20:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
Resource
win7-20231129-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
-
Size
1.6MB
-
MD5
9eb3b38bd9dee6e4be8dd36224a7618a
-
SHA1
6d11f59ed760cf2432c8804dd70b159d4f7f9224
-
SHA256
e016e8ea4579a75ee1f69e7b61f3e3c9e796c5e8a695f7faddd8e56340a704ca
-
SHA512
6d6a61a207811b49a4065a686a2c9a593fcfbfcef879967e40d037799971193fe71328d1eecfca49f18bd09a25be38005dde2a6c5170d1ffdb42d4309e19b272
-
SSDEEP
24576:FF5ZByB6eTzAdZZ9aaF1dEIWXDSuQeg0Z//QpZ38mYL:1a68zYzcaFvEIY0Y/cG
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
3532 Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process
Token: SeDebugPrivilege 3532 Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
Token: 33 2988 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2988 AUDIODG.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Total War THREE KINGDOMS v1.0 Plus 20 Trainer.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3532
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4f0
- Suspicious use of AdjustPrivilegeToken
PID:2988