Resubmissions

08/06/2024, 09:22

240608-lb1dmsaf7t 7

08/06/2024, 09:14

240608-k7e7xaaf6v 7

Analysis

  • max time kernel
    12s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-fr
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-fr, locale:fr-fr, os:windows10-1703-x64, system, windows
  • submitted
    08/06/2024, 09:22

General

  • Target

    Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe

  • Size

    1.4MB

  • MD5

    703ca81af310fdf04680883b03f4e42a

  • SHA1

    c3aa4e6392eeecdcf4b11d9bde47f4bb63adfb64

  • SHA256

    a9381acdda22cc627242244cebe8a4a68ed2c43d9da804271efd62ed8bb2a0f1

  • SHA512

    3f759996fc1f5e1665a6af59153a0d85b30a5db5618cc2b8a2287ce46b2722a85f36e19cfa85d45d5dcb801de6558d02b8da6a9ae42506049f4013994a6da9e7

  • SSDEEP

    24576:RQ9zseTy/mdQlq6JXF5u5S3raYQKr3XDMhzPX31J6g85wHQvzzwdasvOO:RQ9z2mdQlJXF5KyraTKrDM1P6g855AIm

Score
7/10

Malware Config

Signatures

  • .NET Reactor protector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Euro Truck Simulator 2 v1.16.x.x - v1.50.x.x Plus +15 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1688

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/1688-0-0x00007FFF69763000-0x00007FFF69764000-memory.dmp

          Filesize

          4KB

        • memory/1688-1-0x0000014174330000-0x000001417447E000-memory.dmp

          Filesize

          1.3MB

        • memory/1688-2-0x00007FFF69760000-0x00007FFF6A14C000-memory.dmp

          Filesize

          9.9MB

        • memory/1688-3-0x00007FFF69760000-0x00007FFF6A14C000-memory.dmp

          Filesize

          9.9MB

        • memory/1688-4-0x0000014174640000-0x0000014174714000-memory.dmp

          Filesize

          848KB

        • memory/1688-5-0x00007FFF69760000-0x00007FFF6A14C000-memory.dmp

          Filesize

          9.9MB

        • memory/1688-6-0x00007FFF69760000-0x00007FFF6A14C000-memory.dmp

          Filesize

          9.9MB

        • memory/1688-7-0x00007FFF69760000-0x00007FFF6A14C000-memory.dmp

          Filesize

          9.9MB