cea9e976bce7bc95f0be9b0c9a06b34966e424027482b98606ad3460dd191bf5

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
Size

1.5MB
MD5

2e285f01bb135e5bcac8c19fec656b49
SHA1

a791d015e349566fd785c65ecaf945af9244152f
SHA256

f1f31ddd37995ca7e38bcb10853222b57ff274ea24ab6d619842e9ccd5b2bf3d
SHA512

6a2dbb371a31899816a0ba10595f3ace5af09980dd31d41bb0649597874763ab2b49a3c983aa8a973aa66d6e8462094d327c81f6561042dc00dc1a30a2222203
SSDEEP

24576:lAd3vG+XeNKiHkGNoyp2lN98WceDSVXT5X4pMLkoya:t+XfiEeo1lN1czXT5X4pvo1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4016	Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Saints Row v1.1.4-v1.2.4 Plus 18 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4016-0-0x00007FFCF0573000-0x00007FFCF0575000-memory.dmp

Filesize
8KB

Download
memory/4016-3-0x000001CE42F00000-0x000001CE42F32000-memory.dmp

Filesize
200KB

Download
memory/4016-6-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-7-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-8-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-9-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-10-0x000001CE5F630000-0x000001CE5F638000-memory.dmp

Filesize
32KB

Download
memory/4016-11-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-13-0x000001CE5F680000-0x000001CE5F68E000-memory.dmp

Filesize
56KB

Download
memory/4016-12-0x000001CE5F6B0000-0x000001CE5F6E8000-memory.dmp

Filesize
224KB

Download
memory/4016-23-0x00007FFCF0573000-0x00007FFCF0575000-memory.dmp

Filesize
8KB

Download
memory/4016-24-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-25-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-26-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-27-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download
memory/4016-28-0x00007FFCF0570000-0x00007FFCF1031000-memory.dmp

Filesize
10.8MB

Download