b9dd35f49b4e60e9c3f3d7d94a3d1748883bb5edfd7d888fce3f2e755fa52b3c

Resubmissions

30/09/2024, 02:57

30/09/2024, 02:54

30/09/2024, 02:49

30/09/2024, 02:46

max time kernel
38s
max time network
38s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30/09/2024, 02:46

Target

Balatro.v1.0.1c.Beta/Balatro/Balatro.exe
Size

52.9MB
MD5

64caa2d5ff3dac02fd59b1fa9a650dd3
SHA1

454417e509ccb73ebdff7f3e6b00291fe098e317
SHA256

9655b8f1c113acec16ed95220dd531fe1e03165194fe8e9966fb370ffbc43d01
SHA512

79850108ec7181aec920f3423ab8abde1a7fce7d0ab45e058a8e16185e145fefe82f98a7ea00eb0862918b392c054f042610f1bd3d6eda4439df0c3378c3fac7
SSDEEP

1572864:0cbQO2JtEJJ8jCaMC6534f317kuL2CeCC8Wu/:5bQO2DqTaMR1uLGCC8Wi

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4604	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4604	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1996	Balatro.exe
4832	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\Balatro.v1.0.1c.Beta\Balatro\Balatro.exe
"C:\Users\Admin\AppData\Local\Temp\Balatro.v1.0.1c.Beta\Balatro\Balatro.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4604

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
c08cda8b30daf0f971ed3fca378d480d

SHA1
8c0a3593ff62ec10f1c6e88d448eb8e23aaf7662

SHA256
1af0cf8b1e5f3299794832e511471afa6fcd4a10987464a7c043285cd49f0c58

SHA512
3cae2439b79bc45a0e233e9178224eba4164e535f7b94dbc02d703db37513c73c4ea6cb94cd2f37b2c5e3c37f807555c51bb7902679db2538c3f16a9db1114a2

Download Submit