Overview

overview

10

Static

static

10

b8e4405e6d...94.exe

windows7-x64

1

b8e4405e6d...94.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2025, 13:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe

  • Size

    1.4MB

  • MD5

    c4a19e5bc94ef4c6619be422faf336a2

  • SHA1

    1f5b228ba4e0d56acd7cc8b7d792aee38544c9c9

  • SHA256

    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794

  • SHA512

    258c81971de62ccf664f24788ab002093b8eae228dcf7493afdf431a79198241d78561af1fb68a1bcbfde5e13b078723f57d69c68bed246acf0ddb8061727e3a

  • SSDEEP

    24576:Ptk6/xxsyaIJQ5spHmcM7yM7leG078N8WnDSfLbJ7T:rTstyEsAcMmM7lV078N8WELV7T

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    "C:\Users\Admin\AppData\Local\Temp\b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2224

Network

  • flag-us
    DNS
    flingtrainer.com
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    104.26.14.72
    flingtrainer.com
    IN A
    172.67.73.26
    flingtrainer.com
    IN A
    104.26.15.72
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    Remote address:
    104.26.14.72:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 01 Feb 2025 13:55:31 GMT
    Content-Length: 6
    Connection: keep-alive
    vary: User-Agent
    last-modified: Tue, 09 May 2023 12:34:22 GMT
    etag: "6-5fb41f9908f80"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bmvza57vb%2FbWRTorNNomsrophWHQWOfzUUC5um%2BPHHUvyEBd%2FEJHZZ0HYoeV%2BJcJR8y3KmTzvvMyx3SAysq5BP7JCsqqMwCMf4TMdpWa9FBCkBDBg88UuE%2F6TSvpqruYne0%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 90b27085dde376ff-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=62242&min_rtt=32127&rtt_var=63409&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3147&recv_bytes=444&delivery_rate=84477&cwnd=253&unsent_bytes=0&cid=d8f6e86c860ed58b&ts=927&x=0"
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/biomutant-trainer
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    Remote address:
    104.26.14.72:443
    Request
    GET /wp-content/check-for-trainer-update/biomutant-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 01 Feb 2025 13:55:31 GMT
    Content-Length: 11
    Connection: keep-alive
    vary: User-Agent
    last-modified: Wed, 26 May 2021 12:24:45 GMT
    etag: "b-5c33aba51dd40"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rm57sXb8MRdCYVeGIzGkKCAwUEltg4Tje%2FVMKyaPdPfqV2d4dXxtvkHNxfRu7xP9V23R3QTPR4ZDkUVi40ECfHyHiv31%2Bj%2B9s1dOwaIGKhxHCEvHqpsnrtjyq3r6wVQTUGQ%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 90b2708b5a2b76ff-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=84085&min_rtt=32127&rtt_var=91242&sent=8&recv=9&lost=0&retrans=0&sent_bytes=4189&recv_bytes=594&delivery_rate=84477&cwnd=254&unsent_bytes=0&cid=d8f6e86c860ed58b&ts=1562&x=0"
  • flag-us
    DNS
    c.pki.goog
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    216.58.212.227
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    Remote address:
    216.58.212.227:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 01 Feb 2025 13:24:59 GMT
    Expires: Sat, 01 Feb 2025 14:14:59 GMT
    Cache-Control: public, max-age=3000
    Age: 1831
    Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    Remote address:
    216.58.212.227:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 01 Feb 2025 13:25:01 GMT
    Expires: Sat, 01 Feb 2025 14:15:01 GMT
    Cache-Control: public, max-age=3000
    Age: 1829
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    88.221.134.83
    a1363.dscg.akamai.net
    IN A
    88.221.134.146
  • flag-gb
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    88.221.134.83:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
    Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
    ETag: 0x8DD1A40E476D877
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 729f9bbc-001e-0005-142b-4c8531000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 01 Feb 2025 13:56:01 GMT
    Connection: keep-alive
  • flag-us
    DNS
    www.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    23.192.18.101
  • flag-gb
    GET
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    Remote address:
    23.192.18.101:80
    Request
    GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1078
    Content-Type: application/octet-stream
    Content-MD5: HqJzZuA065RHozzmOcAUiQ==
    Last-Modified: Tue, 14 Jan 2025 20:41:31 GMT
    ETag: 0x8DD34DBD43549F4
    x-ms-request-id: 90d94cda-601e-004e-55c9-667962000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    X-EdgeConnect-Origin-MEX-Latency: 141
    Date: Sat, 01 Feb 2025 13:56:01 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV19f3b4fa.0
    ms-cv-esi: CASMicrosoftCV19f3b4fa.0
    X-RTag: RT
  • 104.26.14.72:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/biomutant-trainer
    tls, http
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    1.0kB
     5.6kB
     10
    10

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update

    HTTP Response

    200

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/biomutant-trainer

    HTTP Response

    200
  • 216.58.212.227:80
    http://c.pki.goog/r/r4.crl
    http
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    606 B
     5.0kB
     8
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 88.221.134.83:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
     1.7kB
     4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 23.192.18.101:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    393 B
     1.8kB
     4
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 8.8.8.8:53
    flingtrainer.com
    dns
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    62 B
     110 B
     1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    104.26.14.72
    172.67.73.26
    104.26.15.72

  • 8.8.8.8:53
    c.pki.goog
    dns
    b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
    56 B
     107 B
     1
    1

    DNS Request

    c.pki.goog

    DNS Response

    216.58.212.227

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
     162 B
     1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    88.221.134.83
    88.221.134.146

  • 8.8.8.8:53
    www.microsoft.com
    dns
    63 B
     230 B
     1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    23.192.18.101

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2224-0-0x000007FEF5F03000-0x000007FEF5F04000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2224-1-0x0000000000240000-0x000000000027E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2224-2-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-3-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-4-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-7-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-9-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-10-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-11-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-12-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-31-0x000007FEF5F03000-0x000007FEF5F04000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2224-32-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-33-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-34-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-35-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-36-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-37-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2224-38-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.