c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515

Analysis

max time kernel
136s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 14:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
Size

231KB
MD5

633d6cadf426ae145f9e4f9e2f01b87b
SHA1

975512f82055635b28ccce5b87b7fbf750786eb5
SHA256

c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515
SHA512

3d9fe2aec6a3116f7783ead51b17d7c29534e315e6b1c18e0b5f50f7fadda3ffc0b9054de86c1344fa57546e15e37f3a537755d0f5f804c7edb03cadb78dc9b0
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Sniper Elite - Berlin 1943 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FireStarter No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Praetorians No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief III Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Alpha Communicator 5.0 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior IV No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tony Hawks Pro Skater 4 No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life 2 No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior 5 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Quake III No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2004 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Xenus No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Acrobat 5.x Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\WS_FTP 5.x Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Alpha Communicator 5.0 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 6.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2004 No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.00b Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\World War II - Frontline Command Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warcraft III No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2004 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior IV Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman II No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FireStarter Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Command & Conquer Generals Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Serial Generator.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 No-Cd Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Crack.exe	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 4860	3600	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe	83
PID 3600 wrote to memory of 4860	3600	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe	83
PID 3600 wrote to memory of 4860	3600	c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe	83

C:\Users\Admin\AppData\Local\Temp\c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe
"C:\Users\Admin\AppData\Local\Temp\c57d1ac838565c272795e44338daa096d23267d7a1658116cad8d88f64dc8515.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:4860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
de5f3ece3bd2ddcd5fbfe112986e5771

SHA1
230152d85907fe6cfcc70626f1688288a4018566

SHA256
b13201fb665437dbddc56fd59d31f295258eecb8534344269483a65008524530

SHA512
58a50fd4d384e09ca0066c6c7aa0d9ff77fad52e6dc8346cb71a8059f18ac165a4cf3c857b385ba8351c784a4903ca76378ecdd51efae3656351aa1bfe5935fb

Download Submit
memory/3600-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3600-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3600-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download