Overview

overview

10

Static

static

10

Hollow Kni...er.exe

windows7-x64

1

Hollow Kni...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    25s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2024 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hollow Knight v1.5.68 Plus 11 Trainer.exe

  • Size

    1.6MB

  • MD5

    3134f7f217192edbcf704bf2310af360

  • SHA1

    76cd774d5b8cbd291b4ca1cd0b36550ee4a5493e

  • SHA256

    139129aca31da8a2adc0a79efbbe9460faf7e24e06e86c3f2b3740aa8cd836b8

  • SHA512

    45e60f8c4c57cb7d5cf4fff07ee39a987a49275da9edb0856b82ae44766595aca65fa2bdf1895c54275fd68412950b3e7eddebdf2ff601f5b001f795e1df6ab9

  • SSDEEP

    24576:OZpjkFTAE4w4JSSVCiWZwIEkE69peprjcMNnKDSJmJRbJ7mcx:Oq4w8f0iCE69pep8ESfV7mcx

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hollow Knight v1.5.68 Plus 11 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Hollow Knight v1.5.68 Plus 11 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2372 -s 832
      2⤵
        PID:2776
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2720

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2372-0-0x000007FEF5103000-0x000007FEF5104000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2372-1-0x00000000001D0000-0x000000000020E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/2372-2-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2372-3-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2372-4-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2372-7-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2372-9-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2372-10-0x000007FEF5100000-0x000007FEF5AEC000-memory.dmp

        Filesize

        9.9MB

        Download