3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959

Analysis

max time kernel
151s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
Size

2.9MB
MD5

634f59b2b96923c74ac7fc76821cfc18
SHA1

061ae150a0be919e28aefd2142b2d493ecb2f44e
SHA256

3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959
SHA512

0f96e4184f5d74744dc9c33bcfee9ee9b1f14286ff096cefad729005bb5f8db340305b5f13231779235a023cfded001ea7cc27e4b7c5cae476ca3cfe5b21b6fe
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Train Simulator 2 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Shrek II Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2003 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Ad-aware 6.0 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior III No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness III No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 Rush Hour No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.0 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Etherlords II Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness 2 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NHL 2002 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 Rush Hour Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman II Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Ad-aware 6.0 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\NHL 2003 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Thief II No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.0 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FireStarter No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2003 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\FlashGet 1.x Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Neverwinter Nights - Shadows of Undrentide No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NetPumper 1.03 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill 3 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2002 No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Trinity Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2002 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Soul Reaver III No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 Serial Generator.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Knights of the Temple No-Cd Crack.exe	3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe

C:\Users\Admin\AppData\Local\Temp\3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe
"C:\Users\Admin\AppData\Local\Temp\3cb8d6bad8a6341f651f13c833bf9ae5bc79e5cc82f238b73d12389d5d816959.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1224-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download