9254ff51d8e2ae293a22fb754d3a038792601bc6ecdc5e159a4b99ea7dad8a1a

Submit
Reports

Overview

overview

Static

static

The.Saplin...PC.url

windows7-x64

The.Saplin...PC.url

windows10-2004-x64

The.Saplin...ng.exe

windows7-x64

The.Saplin...ng.exe

windows10-2004-x64

The.Saplin...ss.dll

windows7-x64

The.Saplin...ss.dll

windows10-2004-x64

The.Saplin...rp.dll

windows7-x64

The.Saplin...rp.dll

windows10-2004-x64

The.Saplin...ss.dll

windows7-x64

The.Saplin...ss.dll

windows10-2004-x64

The.Saplin...pt.dll

windows7-x64

The.Saplin...pt.dll

windows10-2004-x64

The.Saplin...ng.dll

windows7-x64

The.Saplin...ng.dll

windows10-2004-x64

The.Saplin...ty.dll

windows7-x64

The.Saplin...ty.dll

windows10-2004-x64

The.Saplin...re.dll

windows7-x64

The.Saplin...re.dll

windows10-2004-x64

The.Saplin...em.dll

windows7-x64

The.Saplin...em.dll

windows10-2004-x64

The.Saplin...ng.dll

windows7-x64

The.Saplin...ng.dll

windows10-2004-x64

The.Saplin...ne.dll

windows7-x64

The.Saplin...ne.dll

windows10-2004-x64

The.Saplin...UI.dll

windows7-x64

The.Saplin...UI.dll

windows10-2004-x64

The.Saplin...ne.dll

windows7-x64

The.Saplin...ne.dll

windows10-2004-x64

The.Saplin...ng.dll

windows7-x64

The.Saplin...ng.dll

windows10-2004-x64

The.Saplin...ib.dll

windows7-x64

The.Saplin...ib.dll

windows10-2004-x64

Analysis

max time kernel
134s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

The.Sapling.v11.30/STEAMUNLOCKED » Free Steam Games Pre-installed for PC.url

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

The.Sapling.v11.30/STEAMUNLOCKED » Free Steam Games Pre-installed for PC.url

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling.exe

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-CSharp-firstpass.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-CSharp-firstpass.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-CSharp.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-CSharp.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-UnityScript-firstpass.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-UnityScript-firstpass.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-UnityScript.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Assembly-UnityScript.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Boo.Lang.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Boo.Lang.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Mono.Security.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/Mono.Security.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/System.Core.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/System.Core.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/System.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/System.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.Networking.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.Networking.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.Timeline.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.Timeline.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.UI.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.UI.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityEngine.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityScript.Lang.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/UnityScript.Lang.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/mscorlib.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling_Data/Managed/mscorlib.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

The.Sapling.v11.30/The.Sapling.v11.30/the_sapling.exe
Size

22.4MB
MD5

a55e79e51bf43dec2001efb124a2c1a0
SHA1

2585f4c079bd1d0a45ae67c098737b6308e7534b
SHA256

40d3819ec4ad62539ebf6d65f55c195f90d7305cb4c51c567f01716e831ef282
SHA512

88bf57278c33816ca785202acb7d80d87906e3f8f39ba45c403e7ce39ba6474a22e79fbcdc5d64270d7a886cadc8c585c5157618ba2da4230442e27cfdddfac8
SSDEEP

393216:sbIjpwyjlK2m5MM2cf9WPBK53E2vaPvWfpXJu4+Ahze:l2Tu4VN

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2104	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2104	AUDIODG.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\The.Sapling.v11.30\The.Sapling.v11.30\the_sapling.exe
"C:\Users\Admin\AppData\Local\Temp\The.Sapling.v11.30\The.Sapling.v11.30\the_sapling.exe"
1⤵
PID:760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x394
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/760-1-0x0000000004D10000-0x0000000004E10000-memory.dmp

Filesize
1024KB

Download
memory/760-0-0x0000000005360000-0x0000000005460000-memory.dmp

Filesize
1024KB

Download
memory/760-2-0x0000000005360000-0x0000000005460000-memory.dmp

Filesize
1024KB

Download
memory/760-3-0x0000000004D10000-0x0000000004E10000-memory.dmp

Filesize
1024KB

Download