cf3d5e41f924da99260de010e8b8ff88fb7ce30f3ff72a1006e491c2a0317291

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

STAR WARS Battlefront Promo Trainer.exe
Size

1016KB
MD5

50bb53bca004808190e28b100007a6cc
SHA1

ab07609c5ca7d653c2d917bb4bdccac9e4775f39
SHA256

804699df3aadc32fb4fb5ad0b695b005a3bd646858f03aade8872ecf8f7d1e59
SHA512

c6bcf7d15d7c2c1378688532f88b15e21da1e8dd947a27fa0e43f9f6ea6a3c8a6cb589972475553930d7562e4e82d0c41370ac8db25204a0dc06ab0cf78bb7b1
SSDEEP

24576:ynIM87p8e2EVh/FgZ0oZcdLT/0ElVLSlxxaMbfJBV1Ls2wBP:yRZEVhNNTMElxWxxaMDJBV1Ls2wB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4416	STAR WARS Battlefront Promo Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4416	STAR WARS Battlefront Promo Trainer.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4416	STAR WARS Battlefront Promo Trainer.exe
4416	STAR WARS Battlefront Promo Trainer.exe

C:\Users\Admin\AppData\Local\Temp\STAR WARS Battlefront Promo Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\STAR WARS Battlefront Promo Trainer.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Cheathappens\Debug\STAR WARS Battlefront.debug

Filesize
173B

MD5
0a843572417702adc067c23ef0146974

SHA1
0f6a0307e77ac0038a8bb3734b85f9a378de8fd1

SHA256
4b2b5b4caa01fcd0c7755c005ad587c422477120f9ee36dff3f61a4ec1ca6a37

SHA512
49e25c1b08ea101cd7c8096e0b532d9a04e63c23b986ae49752ac0f3d79b7b90bd11b956592292802b4f913314d3e4ccc9280887fdcc2e95b09c36c616bfce9c

Download Submit