d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed

Analysis

max time kernel
103s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 21:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
Size

758KB
MD5

65aded6ead118d77aeac15573c31e4ed
SHA1

b8002557a064a8ba59942bcefe5c0273cbd9ad1c
SHA256

d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed
SHA512

0bb58e15f7eed332c58ddf2433a01a4d6a1481159befeb756f488f7e6f5569e174c56ef51a4ccc258ecdf8e6264279b3e830da563ec1045905aeca253ae47a60
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake III No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.00b Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Black & White 2 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake IV Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.4 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\mIRC 6.03 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\mIRC 6.x Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SimCity 4 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Alpha Communicator 5.0 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill III No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 3 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\CloneCD 4.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warcraft 3 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Silent Hill 3 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior IV No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief 2 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Xenus Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\NHL 2002 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Kings of War Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Splinter Cell No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.x Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM III No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Shrek II No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness 2 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior III No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File created	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring No-Cd Crack.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 3 Serial Generator.exe	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 3108	4648	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe	88
PID 4648 wrote to memory of 3108	4648	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe	88
PID 4648 wrote to memory of 3108	4648	d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe	88

C:\Users\Admin\AppData\Local\Temp\d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe
"C:\Users\Admin\AppData\Local\Temp\d5b1c49ba24e777626ca7ff3c4f5681753153054cc92b3db1139d07b6b39abed.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:3108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
fcd6ae346b64eb19865185f9278081d8

SHA1
c388285d04a2fc949a5b88829e3a9e0c95ae9dee

SHA256
051e946bca9db31d534ad67a1f67c7ea8fb3d7b098503926703a815f188eb2e7

SHA512
f83d152ddde5d8ecce0c6a34b6baabff26ad7d62f9871798369487ce50aee4d7feda8bc54310d2825c25d4f4d92b1a2362beada3074db2cae80222338b204767

Download Submit
memory/4648-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4648-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4648-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download