1feca441a4025150d5ac3e4c21decbbb124b135ec31e80b096d396f168fcf13c

Analysis

max time kernel
19s
max time network
12s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
13/03/2025, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Library Of Ruina v1.1.0 Plus 11 Trainer.exe
Size

1.5MB
MD5

b0dce6eddc2a6f8fb5637a8c148fcf30
SHA1

4b7699ede79761ea3ccb64cb47ff0851f3457499
SHA256

1feca441a4025150d5ac3e4c21decbbb124b135ec31e80b096d396f168fcf13c
SHA512

fbdd8e207114bec20e85d57ac81fe60cc1f2af4e3a0460eebe05dd891cc441440e3c902311c057ed10d1cf379d16a896598d4cfce9d00a9eecb57410a7c0ec88
SSDEEP

24576:8yo7Ff8Rf+jUrkQ80tJQE/ke9qMbJ7Bx4uDS0CURb:k2Rf/Id0YECMV7742CURb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe
4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4836	Library Of Ruina v1.1.0 Plus 11 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Library Of Ruina v1.1.0 Plus 11 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Library Of Ruina v1.1.0 Plus 11 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4836-0-0x00007FFCC36D3000-0x00007FFCC36D5000-memory.dmp

Filesize
8KB

Download
memory/4836-1-0x000001F44F780000-0x000001F44F7B2000-memory.dmp

Filesize
200KB

Download
memory/4836-2-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-3-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-4-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-7-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-9-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-18-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-19-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-20-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-21-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download
memory/4836-22-0x00007FFCC36D0000-0x00007FFCC4192000-memory.dmp

Filesize
10.8MB

Download