Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
26-01-2025 10:46
Behavioral task
behavioral1
Sample
7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe
Resource
win7-20240903-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe
Resource
win10v2004-20241007-en
2 signatures
150 seconds
General
-
Target
7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe
-
Size
1.7MB
-
MD5
1162bebd28f3ebee8f16363b04c268f5
-
SHA1
74683760841442ad7d18a7d4b4aa0b41896d130b
-
SHA256
7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c
-
SHA512
f1c4ddec33055d6bdd780b5c2f28f0b0c642df50817d53eb5692e44a71e6e20e0dd402034551e80be19cc3ac663fc83638d4989c72b5920de008d207abb747b7
-
SSDEEP
24576:vmQn8AtHx3OXiORxXpv9aRmqZhm9tChfKsKNDSVXT5XUjlkyaQ:vm8tHAXV3Xp2m6h0UfKszXT5XUjG1Q
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe Token: SeDebugPrivilege 4808 7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe
Processes
Network
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request181.129.81.91.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestflingtrainer.comIN AResponseflingtrainer.comIN A104.26.14.72flingtrainer.comIN A104.26.15.72flingtrainer.comIN A172.67.73.26
-
GEThttps://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exeRemote address:104.26.14.72:443RequestGET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
ResponseHTTP/1.1 200 OK
Content-Length: 6
Connection: keep-alive
vary: User-Agent
last-modified: Tue, 09 May 2023 12:34:22 GMT
etag: "6-5fb41f9908f80"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=42VemqF%2BlLA8Rm%2BvaMwa6anVw34iZwxiYQmD74ZlX9ae9VrY6yBVjOANHe9lmenBMU6fhtl86GslGNOUEVirKVb2zN%2F6zvbEL20MhNZIxcLuueQphIe3KEdSS91mc%2FlYqiw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 907fec263db635dd-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=47321&min_rtt=46967&rtt_var=7637&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3299&recv_bytes=427&delivery_rate=85743&cwnd=253&unsent_bytes=0&cid=c5f926677c18bd48&ts=698&x=0"
-
GEThttps://flingtrainer.com/wp-content/check-for-trainer-update/assassins-creed-origins-trainer7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exeRemote address:104.26.14.72:443RequestGET /wp-content/check-for-trainer-update/assassins-creed-origins-trainer HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
ResponseHTTP/1.1 200 OK
Content-Length: 11
Connection: keep-alive
vary: User-Agent
last-modified: Tue, 30 Jan 2024 05:16:06 GMT
etag: "b-61022dc0453ce"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y8U0wxzcDlpuJkQWd3S5OF4VblE9cw4hTs%2BCjeZIvfHTC0Ogo5Zyx5B3iPwJ1pCqhi%2BiqU6jKXeeYaY3vqczRTDJq2AY1BS3j5ItkAOjMPib2uNiO%2FBXTNyzw6hsHD0JL88%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 907fec2e7e2c35dd-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=47255&min_rtt=46792&rtt_var=5860&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4338&recv_bytes=591&delivery_rate=85743&cwnd=254&unsent_bytes=0&cid=c5f926677c18bd48&ts=1778&x=0"
-
Remote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.187.227
-
GEThttp://c.pki.goog/r/gsr1.crl7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exeRemote address:142.250.187.227:80RequestGET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 10:41:13 GMT
Expires: Sun, 26 Jan 2025 11:31:13 GMT
Cache-Control: public, max-age=3000
Age: 347
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address:142.250.187.227:80RequestGET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 10:45:01 GMT
Expires: Sun, 26 Jan 2025 11:35:01 GMT
Cache-Control: public, max-age=3000
Age: 119
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address:8.8.8.8:53Request72.14.26.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request138.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request227.187.250.142.in-addr.arpaIN PTRResponse227.187.250.142.in-addr.arpaIN PTRlhr25s34-in-f31e100net
-
Remote address:8.8.8.8:53Request5.114.82.104.in-addr.arpaIN PTRResponse5.114.82.104.in-addr.arpaIN PTRa104-82-114-5deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request197.87.175.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.238.56.23.in-addr.arpaIN PTRResponse88.238.56.23.in-addr.arpaIN PTRa23-56-238-88deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
104.26.14.72:443https://flingtrainer.com/wp-content/check-for-trainer-update/assassins-creed-origins-trainertls, http7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe1.1kB 5.8kB 12 10
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-updateHTTP Response
200HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/assassins-creed-origins-trainerHTTP Response
200 -
142.250.187.227:80http://c.pki.goog/r/r4.crlhttp7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe602 B 3.9kB 8 6
HTTP Request
GET http://c.pki.goog/r/gsr1.crlHTTP Response
200HTTP Request
GET http://c.pki.goog/r/r4.crlHTTP Response
200
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
72 B 147 B 1 1
DNS Request
181.129.81.91.in-addr.arpa
-
8.8.8.8:53flingtrainer.comdns7ba917f33035a91756dcd5d4812314af445e10abad4bb213b8c530f7521d479c.exe62 B 110 B 1 1
DNS Request
flingtrainer.com
DNS Response
104.26.14.72104.26.15.72172.67.73.26
-
56 B 107 B 1 1
DNS Request
c.pki.goog
DNS Response
142.250.187.227
-
71 B 133 B 1 1
DNS Request
72.14.26.104.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
138.32.126.40.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
227.187.250.142.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
5.114.82.104.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
154.239.44.20.in-addr.arpa
DNS Request
154.239.44.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
197.87.175.4.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
88.238.56.23.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-