ab7e4085828b98e52db4a171a5c3b01f7e6a3c1ab97885466a5f97e35e6a10a1

Analysis

max time kernel
72s
max time network
82s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-05-2024 05:00

Target

Cisco's Fantasy Medieval RPG [Ultimate]-V4b.zip
Size

22.6MB
MD5

ad9989a186a8413e9ae02a04f84a256c
SHA1

cca0935b73187667a5b285d4776fd4dd5544938e
SHA256

ab7e4085828b98e52db4a171a5c3b01f7e6a3c1ab97885466a5f97e35e6a10a1
SHA512

234da10922701ddb9104aada1460fb5fc76cdd34103fef67ff07b30977a79ac372dc75d91f7b739c33d4cf289729cff1cbe4aa3a516e55aa9f4e8aaf2b4db5af
SSDEEP

393216:erNgFyOgiLO+yU2PP4NunamVcf063tcTUA5WIK4FHLgqsCEOMk3xwdfbBr7l0F:erNg0Og1HzUunv+ZOTUzp2EOMk3xEbBg

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	control.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3696	control.exe
Token: SeCreatePagefilePrivilege	3696	control.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Cisco's Fantasy Medieval RPG [Ultimate]-V4b.zip"
1⤵
PID:2988

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3168