Analysis
max time kernel: 150s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20250129-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/01/2025, 20:00 UTC
Behavioral task
behavioral1
Sample
84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Resource
win7-20241010-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Resource
win10v2004-20250129-en
2 signatures
150 seconds
General
Target: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Size: 1.4MB
MD5: f8720dd2c07bdb66761ac7b54760aaaf
SHA1: b3e1d4137352e4fddcf99d6681702252c32e5d25
SHA256: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954
SHA512: baa1a60cc793f518e2d9e4570c410d74b3093d2e8d42221acd15eee1d9f943baa879910b8ff6f83112f80a268627404fdeaef8d7c7996f6b4c954f016c7ff1b4
SSDEEP: 24576:N9/QSW61N8Lqpgz7R0Ahn5nRQfbJ7MiYPDS/R:OeyepURPh5nRQfV7D
Score: 1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid  Process
448  84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe  (this pid/process pair is listed 64 times)
-
Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid  Process
Token: SeDebugPrivilege  448  84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Processes
Network
-
Remote address: 8.8.8.8:53
Request: 131.160.190.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 131.160.190.20.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 103.209.201.84.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 103.209.201.84.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: flingtrainer.com IN A
Response:
flingtrainer.com IN A 104.26.15.72
flingtrainer.com IN A 104.26.14.72
flingtrainer.com IN A 172.67.73.26
-
GET https://flingtrainer.com/wp-content/check-for-trainer-update/hades-trainer
Process: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Remote address: 104.26.15.72:443
Request:
GET /wp-content/check-for-trainer-update/hades-trainer HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
Response:
HTTP/1.1 200 OK
Content-Length: 11
Connection: keep-alive
vary: User-Agent
last-modified: Fri, 03 Sep 2021 00:43:16 GMT
etag: "b-5cb0c95c03100"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mqI%2B7nzMb3L8HZW2XGBOYVoGKfCX%2FrdM3FKJfC43vpQcv1slSmchjH4BxwavKacKfzAa0siKtM9ahiyjeVsszLHAPuaf4gARmLt0pqf9S9b3GfWuBLEzJP8nxJ1P5EBOck%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 90a40d0b3d3f3db2-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=28497&min_rtt=28497&rtt_var=14248&sent=11&recv=8&lost=0&retrans=4&sent_bytes=6596&recv_bytes=422&delivery_rate=6890&cwnd=254&unsent_bytes=0&cid=37b84f04aecc59cb&ts=2858&x=0"
-
Remote address: 8.8.8.8:53
Request: c.pki.goog IN A
Response:
c.pki.goog IN CNAME pki-goog.l.google.com
pki-goog.l.google.com IN A 142.250.179.227
-
Remote address: 8.8.8.8:53
Request: c.pki.goog IN A
-
Remote address: 8.8.8.8:53
Request: 72.15.26.104.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 72.15.26.104.in-addr.arpa IN PTR
-
GET http://c.pki.goog/r/gsr1.crl
Process: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Remote address: 142.250.179.227:80
Request:
GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
Response:
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 30 Jan 2025 19:24:09 GMT
Expires: Thu, 30 Jan 2025 20:14:09 GMT
Cache-Control: public, max-age=3000
Age: 2206
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address: 142.250.179.227:80
Request:
GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
Response:
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 30 Jan 2025 19:24:07 GMT
Expires: Thu, 30 Jan 2025 20:14:07 GMT
Cache-Control: public, max-age=3000
Age: 2208
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address: 8.8.8.8:53
Request: 227.179.250.142.in-addr.arpa IN PTR
Response: 227.179.250.142.in-addr.arpa IN PTR lhr25s31-in-f3.1e100.net
-
Remote address: 8.8.8.8:53
Request: 56.163.245.4.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 56.163.245.4.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 171.39.242.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 171.39.242.20.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 98.117.19.2.in-addr.arpa IN PTR
Response: 98.117.19.2.in-addr.arpa IN PTR a2-19-117-98.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 98.117.19.2.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 98.117.19.2.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 48.229.111.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 104.26.15.72:443
URL: https://flingtrainer.com/wp-content/check-for-trainer-update/hades-trainer
Protocol: tls, http
Process: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Traffic: 1.1kB sent, 6.5kB received, 13 packets sent, 11 packets received
HTTP Request: GET https://flingtrainer.com/wp-content/check-for-trainer-update/hades-trainer
HTTP Response: 200
-
Remote address: 142.250.179.227:80
URL: http://c.pki.goog/r/r4.crl
Protocol: http
Process: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Traffic: 706 B sent, 5.1kB received, 10 packets sent, 8 packets received
HTTP Request: GET http://c.pki.goog/r/gsr1.crl
HTTP Response: 200
HTTP Request: GET http://c.pki.goog/r/r4.crl
HTTP Response: 200
-
Traffic: 146 B sent, 159 B received, 2 packets sent, 1 packet received
DNS Request: 131.160.190.20.in-addr.arpa
DNS Request: 131.160.190.20.in-addr.arpa
-
Traffic: 146 B sent, 133 B received, 2 packets sent, 1 packet received
DNS Request: 103.209.201.84.in-addr.arpa
DNS Request: 103.209.201.84.in-addr.arpa
-
Remote address: 8.8.8.8:53
URL: flingtrainer.com
Protocol: dns
Process: 84a7fcdb4f44190092e6ec8b4a7a0aa40f1b61943a78c6bfd75055e7b5089954.exe
Traffic: 62 B sent, 110 B received, 1 packet sent, 1 packet received
DNS Request: flingtrainer.com
DNS Response: 104.26.15.72, 104.26.14.72, 172.67.73.26
-
Traffic: 112 B sent, 107 B received, 2 packets sent, 1 packet received
DNS Request: c.pki.goog
DNS Request: c.pki.goog
DNS Response: 142.250.179.227
-
Traffic: 142 B sent, 133 B received, 2 packets sent, 1 packet received
DNS Request: 72.15.26.104.in-addr.arpa
DNS Request: 72.15.26.104.in-addr.arpa
-
Traffic: 74 B sent, 112 B received, 1 packet sent, 1 packet received
DNS Request: 227.179.250.142.in-addr.arpa
-
Traffic: 142 B sent, 157 B received, 2 packets sent, 1 packet received
DNS Request: 56.163.245.4.in-addr.arpa
DNS Request: 56.163.245.4.in-addr.arpa
-
Traffic: 144 B sent, 158 B received, 2 packets sent, 1 packet received
DNS Request: 171.39.242.20.in-addr.arpa
DNS Request: 171.39.242.20.in-addr.arpa
-
Traffic: 210 B sent, 133 B received, 3 packets sent, 1 packet received
DNS Request: 98.117.19.2.in-addr.arpa
DNS Request: 98.117.19.2.in-addr.arpa
DNS Request: 98.117.19.2.in-addr.arpa
-
Traffic: 72 B sent, 158 B received, 1 packet sent, 1 packet received
DNS Request: 48.229.111.52.in-addr.arpa