Description	Indicator	Process	Target
Token: SeIncreaseQuotaPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeSecurityPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeTakeOwnershipPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeLoadDriverPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeSystemProfilePrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeSystemtimePrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeProfSingleProcessPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeIncBasePriorityPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeCreatePagefilePrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeBackupPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeRestorePrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeShutdownPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeSystemEnvironmentPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeChangeNotifyPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeRemoteShutdownPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeUndockPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeManageVolumePrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeImpersonatePrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: SeCreateGlobalPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: 33	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: 34	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: 35	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A
Token: 36	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\games installer.exe	N/A

Processes

C:\Users\Admin\AppData\Local\Temp\games installer.exe

"C:\Users\Admin\AppData\Local\Temp\games installer.exe"

Network

Country	Destination	Domain	Proto
US	8.8.8.8:53	income-saying.gl.at.ply.gg	udp
US	147.185.221.19:51714	income-saying.gl.at.ply.gg	tcp

Files

memory/2896-0-0x00000000024B0000-0x00000000024B1000-memory.dmp

memory/2896-1-0x0000000000400000-0x00000000004B2000-memory.dmp

Malware Analysis Report

2024-08-06 18:52

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Sample ID	240705-rrrdkazekm
Target	games installer.exe
SHA256	8a1970ca792a8e2bfc4ae792d52dd267d2347aa5e5072db254d12cb781248aaa
Tags	guest16_min darkcomet rat trojan