9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a

Analysis

max time kernel
151s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 19:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
Size

32KB
MD5

df0c310d4be0222791cd9461cad3fbb8
SHA1

e162df913ba68526c27252ffa19ff33549ab73bb
SHA256

9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a
SHA512

fad4055a8d667d4866c8d4f4cb99086a3a8e3d2f60c1f60c7308e953b027afc4f1896d28b4ec039ea726986327fa7b14452e928ab37139c98600e53f1dd2e4b2
SSDEEP

192:xW+vmKC06EoThVyXaQV8O4f9GeVMzkjoNJXRRwS6mKskxU4y:xW+vmKZ6piK4W91Mzk6XPwS4rxU4y

Score

8^/10

evasion persistence

Malware Config

Signatures

Looks for VMWare Tools registry key 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinProfile = "sndcfg16.exe"	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\WinProfile = "sndcfg16.exe"	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\eDonkey2000\incoming\Starcraft - Battlechest no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Windows XP Activation Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\VirtualLab Data Recovery crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Dragon Ball Z - Supersonic Warriors GBA Atari crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\FlashFXP v2.2 crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Medal Of Honor - Allied Assault no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Max Payne 2 NO CD Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Madden NFL 2003 no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\XBOX X-Fer Ripper and Transfer.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Tom Clancy's Splinter Cell Pandora Tomorrow crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Kingdom Hearts II Role-Playing Square Enix crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Grand Theft Auto 3 no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\The Legend of Zelda - The Minish Cap GBA Nintendo crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Sponge Bob Square Pants - Operation Krabby Patty no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Dark Age Of Camelot - Trials Of Atlantis no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Tom Clancys Ghost Recon - Desert Siege no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Age Of Mythology no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Besieger Strategy DreamCatcher Interactive crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Classic NES Series - The Legend of Zelda GBA Role-Playing Nintendo crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Diablo 2 NO CD crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Psi-Ops - The Mindgate Conspiracy Midway crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Medal Of Honor - Allied Assault BreakThrough no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Adobe Illustrator v10.0 Time Limit Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\XBOX X-Fer Ripper and Transfer.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Macromedia Contribute v2.0 crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Warez P2P.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\The Sims - Makin Magic Expansion Pack no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Gran Turismo 4 SCEA crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\The Sims no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Backyard Baseball 2003 no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Doom 3 Activision crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Nero Burning ROM v6.x crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Mario Tennis GC Nintendo crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\McFarlanes Evil Prophecy Konami crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Adobe Photoshop 7 keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\WinZip All Versions keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\WinZip v8.x - v9.x patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\iMesh patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Avant Browser.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Medal of Honor Pacific Assault EA Games crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Anti-Trojan 4.0.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\iMesh patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Hidden & Dangerous 2 NO CD Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Halo - Combat Evolved - Microsoft no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Macromedia Dreamweaver UltraDev 4.0 Patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Unreal Tournament 2004 NO CD crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Metal Gear Solid 3 - Snake Eater Konami crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Civilization III crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\mIRC 6.X crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Need for Speed Underground 2 Electronic Arts crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Medieval - Total War no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Medal Of Honor - Allied Assault BreakThrough no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\NeedforspeedUnderground-nocd.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Adobe Photoshop 7 keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Macromedia Fireworks 4.0 Patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Doom 3 NO CD Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\The Sims Deluxe no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Download Accelerator Plus (spyware free).exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Adobe PageMaker v7.0 Keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\WinZip v8.0 Keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\LimeWire\Shared\Tony Hawks Underground crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Adobe PageMaker v7.0 Keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Microsoft Office 2000 Regmaker.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Program Files\eDonkey2000\incoming\Full Spectrum Warrior Strategy THQ crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\Halo - Combat Evolved - Microsoft no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Warez P2P.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\The Sims - Vacation Expansion Pack no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Medal Of Honor - Allied Assault no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Starcraft - Battlechest no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\The Sims - Unleashed Expansion Pack no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\The Sims - Makin Magic Expansion Pack no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\FlashFXP v2.2 crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Hidden & Dangerous 2 NO CD Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Warcraft III - Reign Of Chaos no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\The Sims - Vacation Expansion Pack no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Adobe Photoshop 7 keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Microsoft Office XP Professional Serial.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Microsoft Office XP Professional Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Need for Speed Underground NO CD crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Age of Empires II The Age of Kings NO CD crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Soldier of Fortune II- Double Helix no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Zoo Tycoon- Dinosaur Digs no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Windows XP Professional crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Macromedia ColdFusion MX crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Civilization III crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Dark Age Of Camelot - Trials Of Atlantis no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Star Wars - Jedi Knight - Jedi Academy no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Macromedia Dreamweaver MX v6.0 crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Need For Speed 5 - no cd.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\FlashFXP v2.1 crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Morpheus patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\DivX Player and Codec.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\The Sims - Hot Date Expansion Pack no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\MS Zoo Tycoon no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Backyard Baseball 2003 no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Zoo Tycoon - Complete Collection no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File opened for modification	C:\Windows\Downloaded Program Files\The Sims no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\mirc 6.1x reg entries.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\WinZIP v9.0 Keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Trillian crasher.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Microsoft Office XP Universal Activator v1.0.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\RoboForm crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Sim Theme Park World no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Max Payne 2 Fall Of Max Payne no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File opened for modification	C:\Windows\Downloaded Program Files\Macromedia Dreamweaver MX v6.0 crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Macromedia Flash All Versions keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Final Fantasy XI - Square Enix USA no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Jedi Academy NO CD Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Deus Ex Invisible War NO CD Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Icewind Dale 2 no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Madden NFL 2003 no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\iMesh patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Roller Coaster Tycoon no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Adobe Golive v6.0 Keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Anti-Trojan 4.0.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\WinZip Self-Extractor v2.2 keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Sim City 4 - Rush Hour no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Macromedia Fireworks 4.0 Patch.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Winzip keygen.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\ICQ Pro 2003b.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Unreal Tournament 2004 crack (keygen).exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Tom Clancys Ghost Recon - Desert Siege no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File opened for modification	C:\Windows\Downloaded Program Files\MaxPayne 2 The Fall Of Max Payne Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\FlashFXP v1.4.1 Crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Microsoft Office 2000 Regmaker.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\RYL crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Mafia no cd crack.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
File created	C:\Windows\Downloaded Program Files\Adobe Photoshop all.exe	9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe

C:\Users\Admin\AppData\Local\Temp\9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe
"C:\Users\Admin\AppData\Local\Temp\9d80c28aed0377e9a4ef9a31177aa36f5fdf574d86d6bc7f85f30980c8257b1a.exe"
1⤵
- Looks for VMWare Tools registry key
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-54-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads