972d6a3833c8a69366bc4a0a3aaebcb7a60482ed74249646bac637f69bb5e815

General

Target

Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
Size

1.1MB
MD5

f1acd6b84a1b78593048311c87200e75
SHA1

d47bb6dfcdf7d2275747dac41fcfb668926627e2
SHA256

bd08fe915748039a4d2db4a29156279c66b2484760a61ee77263ba6067dd2f18
SHA512

047af820e07d74206651b277c6092b5280ed8c1d77647101b72d9f2cfafce1e110c437c43ab920420355f6a3b6540acda30f222f85031195793a427b3699fd1c
SSDEEP

24576:w2UlQci3khFwLhaOUYo8N3ZbXBFO5ZDSiTbJ7:WGfaw1aOU/orFO5tV7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe

pid	process
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe

description pid process

Token: SeDebugPrivilege 5024 Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe

description	pid	process
Token: SeDebugPrivilege	5024	Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe

C:\Users\Admin\AppData\Local\Temp\Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe
"C:\Users\Admin\AppData\Local\Temp\Dying Light Enhanced Edition v1.10-v1.49 Plus 29 Trainer Fixed.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5024-1-0x00007FFE8C563000-0x00007FFE8C565000-memory.dmp

Filesize
8KB

Download
memory/5024-3-0x000002ADE9260000-0x000002ADE9292000-memory.dmp

Filesize
200KB

Download
memory/5024-6-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-7-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-8-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-9-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-10-0x000002ADE9FA0000-0x000002ADE9FA8000-memory.dmp

Filesize
32KB

Download
memory/5024-12-0x000002ADE9FF0000-0x000002ADE9FFE000-memory.dmp

Filesize
56KB

Download
memory/5024-11-0x000002ADEA020000-0x000002ADEA058000-memory.dmp

Filesize
224KB

Download
memory/5024-15-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-28-0x00007FFE8C563000-0x00007FFE8C565000-memory.dmp

Filesize
8KB

Download
memory/5024-29-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-30-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-31-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download
memory/5024-32-0x00007FFE8C560000-0x00007FFE8D022000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads