8251658d43e0b12b94eb638b10d8d14e02429b7ba1dfbf42d1279e7de3fa4e9d

General

Target

Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
Size

2.0MB
MD5

95779e3dfdb1913709206febfa60d5cf
SHA1

2eeb7300f46a929dd73fc303d018dbc2bafee3a9
SHA256

bedecf37fe86e0167b104c921b630ab8f842925b2f2018e4080c530a2e4f8ce0
SHA512

d28db83d7d495635f9bd6c9a71e385339ad4098bc2bdfbfdbf79701fbee9ecd180c425c2a906f45d5cb49d88aaf129ae397b2df23b4abf93e1f87dc3a8b045ff
SSDEEP

49152:7pwbbZRnVbeJ7HPHqWNXR+XT5XGLpoOE4I1:C/KJ7p1MD52L+OHI1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe

pid	process
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe

description	pid	process
Token: SeDebugPrivilege	2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
Token: SeDebugPrivilege	2516	Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe

C:\Users\Admin\AppData\Local\Temp\Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe
"C:\Users\Admin\AppData\Local\Temp\Magicraft Early Access Plus 12 Trainer Updated 2024.03.15.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2516-0-0x000007FEF5C13000-0x000007FEF5C14000-memory.dmp

Filesize
4KB

Download
memory/2516-1-0x0000000001D50000-0x0000000001D84000-memory.dmp

Filesize
208KB

Download
memory/2516-2-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-3-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-4-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-5-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-6-0x0000000001E20000-0x0000000001E2A000-memory.dmp

Filesize
40KB

Download
memory/2516-7-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-11-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-34-0x000007FEF5C13000-0x000007FEF5C14000-memory.dmp

Filesize
4KB

Download
memory/2516-35-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-36-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-37-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-38-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-39-0x0000000001E20000-0x0000000001E2A000-memory.dmp

Filesize
40KB

Download
memory/2516-40-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download
memory/2516-41-0x000007FEF5C10000-0x000007FEF65FC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing