Analysis
max time kernel: 12s
platform: windows10-1703_x64
resource: win10-20240404-fr
resource tags: arch:x64 arch:x86 image:win10-20240404-fr locale:fr-fr os:windows10-1703-x64 system windows
submitted: 08/06/2024, 09:22
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
Resource: win10-20240404-fr
3 signatures, 150 seconds
General
Target: Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
Size: 1.4MB
MD5: 703ca81af310fdf04680883b03f4e42a
SHA1: c3aa4e6392eeecdcf4b11d9bde47f4bb63adfb64
SHA256: a9381acdda22cc627242244cebe8a4a68ed2c43d9da804271efd62ed8bb2a0f1
SHA512: 3f759996fc1f5e1665a6af59153a0d85b30a5db5618cc2b8a2287ce46b2722a85f36e19cfa85d45d5dcb801de6558d02b8da6a9ae42506049f4013994a6da9e7
SSDEEP: 24576:RQ9zseTy/mdQlq6JXF5u5S3raYQKr3XDMhzPX31J6g85wHQvzzwdasvOO:RQ9z2mdQlJXF5KyraTKrDM1P6g855AIm
Score: 7/10
Malware Config
Signatures
.NET Reactor protector (1 IoC)
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource | yara_rule
behavioral1/memory/1688-1-0x0000014174330000-0x000001417447E000-memory.dmp | net_reactor

Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid | Process
1688 | Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe (the same process-enumeration event reported 12 times)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1688 | Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
Token: 33 (privilege reported only by its numeric value) | 1688 | Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
Token: SeIncBasePriorityPrivilege | 1688 | Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
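The three signatures above are consistent with what a game trainer has to do anyway (enumerate processes to find the game, enable SeDebugPrivilege to open and patch it, ship as an obfuscated .NET binary), so on their own they do not settle whether the sample is malicious. A first offline triage step is to confirm that a file on disk is the same artifact as this report (hash match against the IoCs listed above) and to check the claim that it is a .NET executable by looking for the CLR runtime header in the PE, which is the precondition for any .NET Reactor detection. The script below is an added example, not part of the sandbox report or its yara rule; the `build_fake_pe` helper constructs minimal PE32+ headers purely as sample input so the check can be exercised without the real sample.

```python
import hashlib
import struct

# Hashes copied from the "General" section of the report above.
IOC_HASHES = {
    "md5": "703ca81af310fdf04680883b03f4e42a",
    "sha1": "c3aa4e6392eeecdcf4b11d9bde47f4bb63adfb64",
    "sha256": "a9381acdda22cc627242244cebe8a4a68ed2c43d9da804271efd62ed8bb2a0f1",
}

def hash_bytes(data: bytes) -> dict:
    """Compute the same digest set the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}

def matches_ioc(data: bytes) -> bool:
    """True only if every listed IoC hash matches (no partial credit)."""
    digests = hash_bytes(data)
    return all(digests[algo] == value for algo, value in IOC_HASHES.items())

def is_dotnet_pe(data: bytes) -> bool:
    """Return True if the PE carries a non-empty CLR runtime header.

    The CLR header is data directory 14 (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    of the optional header; native executables leave it zeroed.
    """
    try:
        if data[:2] != b"MZ":
            return False
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return False
        opt = e_lfanew + 4 + 20            # skip signature + IMAGE_FILE_HEADER
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic == 0x10B:                  # PE32
            n_dirs_off, dirs_off = opt + 92, opt + 96
        elif magic == 0x20B:                # PE32+
            n_dirs_off, dirs_off = opt + 108, opt + 112
        else:
            return False
        n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
        if n_dirs < 15:                     # directory 14 not present at all
            return False
        rva, size = struct.unpack_from("<II", data, dirs_off + 14 * 8)
        return rva != 0 and size != 0
    except struct.error:                    # truncated or malformed header
        return False

def triage(data: bytes) -> dict:
    """Summary a responder would record for a file pulled from an endpoint."""
    return {"ioc_match": matches_ioc(data), "dotnet": is_dotnet_pe(data)}

def build_fake_pe(dotnet: bool) -> bytes:
    """Constructed sample input: a bare PE32+ header, not a real executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after stub
    nt = bytearray(b"PE\0\0" + bytes(20))            # signature + file header
    opt = bytearray(112 + 16 * 8)                    # PE32+ fields + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)            # Magic = PE32+
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 112 + 14 * 8, 0x2008, 0x48)  # CLR header RVA/size
    return bytes(dos + nt + opt)

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py <file>`; a result of `{'ioc_match': True, 'dotnet': True}` means the file is byte-identical to the sample in this report. A hash mismatch with `dotnet` still true is the more common case in practice (repacked trainers), and is where the SSDEEP value from the report, compared with a fuzzy-hash tool, becomes the useful pivot.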
Processes
Path: C:\Users\Admin\AppData\Local\Temp\Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 1688