41890043e0f622a2c99a2e4d8643f73d89e7291cdffb74ba472c1e03bef57fce

Resubmissions

24-02-2024 07:04

240224-hv5wpacg49 10

24-02-2024 07:00

240224-hs3njsde3w 10

Analysis

max time kernel
146s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
Size

1.3MB
MD5

eefd6641aca0cc297639e36480681ee7
SHA1

dd4e9d80a905be8b150758e8ff43d842737e3316
SHA256

41890043e0f622a2c99a2e4d8643f73d89e7291cdffb74ba472c1e03bef57fce
SHA512

3fb6a18777b5d0b66af109d9700fc2f089d1d1761df0af799a34182db835630480d4a03e3daa57811f8d73546b0b2cf0ab0e8adadacec95fb5de695bbcf627af
SSDEEP

24576:qdkmJRnGLLV+ZUlrWFOueBhPmjzi2DSVXT5XdMcR7vpya:eJRnGLLiUXhPmIXT5XdMyl1

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
212	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
Token: SeDebugPrivilege	3820	Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
Token: SeDebugPrivilege	212	taskmgr.exe
Token: SeSystemProfilePrivilege	212	taskmgr.exe
Token: SeCreateGlobalPrivilege	212	taskmgr.exe
Token: 33	212	taskmgr.exe
Token: SeIncBasePriorityPrivilege	212	taskmgr.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe
212	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Dying Light 2 Stay Human v1.0.3-v1.14.0 Plus 21 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3820

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/212-30-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-42-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-41-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-40-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-38-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-39-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-37-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-36-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-32-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/212-31-0x0000021040B80000-0x0000021040B81000-memory.dmp

Filesize
4KB

Download
memory/3820-6-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-8-0x000001431FCC0000-0x000001431FCF8000-memory.dmp

Filesize
224KB

Download
memory/3820-24-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-25-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-29-0x00007FFCAEDB0000-0x00007FFCAF871000-memory.dmp

Filesize
10.8MB

Download
memory/3820-22-0x00007FFCAEDB0000-0x00007FFCAF871000-memory.dmp

Filesize
10.8MB

Download
memory/3820-9-0x000001431FC90000-0x000001431FC9E000-memory.dmp

Filesize
56KB

Download
memory/3820-23-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-7-0x0000014323BB0000-0x0000014323BB8000-memory.dmp

Filesize
32KB

Download
memory/3820-0-0x0000014306D10000-0x0000014306D44000-memory.dmp

Filesize
208KB

Download
memory/3820-5-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-4-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-3-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-2-0x00000143074D0000-0x00000143074E0000-memory.dmp

Filesize
64KB

Download
memory/3820-1-0x00007FFCAEDB0000-0x00007FFCAF871000-memory.dmp

Filesize
10.8MB

Download