Analysis Overview
SHA256
446e83f044b6319c85d16ace8fc63537a0d8b541658a90dae375756495535003
Threat Level: Known bad
The file HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Unsigned PE
Browser Information Discovery
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-23 17:13
Signatures
R77 family
r77 rootkit payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-23 17:13
Reported
2024-11-23 17:16
Platform
win7-20240903-en
Max time kernel
52s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef03c9758,0x7fef03c9768,0x7fef03c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1524 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1468 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=732 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2452 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3708 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3952 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-23 17:13
Reported
2024-11-23 17:16
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
140s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe"
Network
Files