436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9

Analysis

max time kernel
106s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
Size

646KB
MD5

a20cb4571fdf32c654763508eb3e5860
SHA1

2725dcbda472d394040bb1f529c1f465b3b77520
SHA256

436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9
SHA512

08687499d93b1ebba06bc306bf206ede927540c60494659dc102eec6666a887ac6f43f8ad9e2a7ba668f23183afed645ade26bd6b88a0f40d5dcadf912a3dbde
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqvYGVpRlBSvPo2Ght:352T3siXei5bcmP9JfUjWhpE

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman II Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\EverQuest 2 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Kings of War No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\FireStarter No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Kings of War No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Winamp 3.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 2 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator 2 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 3 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness II Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\mIRC 6.03 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Praetorians No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 Rush Hour Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2003 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Alpha Communicator 5.0 Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief II No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Trinity No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\FlashGet 1.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.00b Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Need for Speed Underground No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Divx 5.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 2 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.15 Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Sniper Elite - Berlin 1943 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Black & White 2 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Shrek II No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief 3 No-Cd Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.15 Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Crack.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator II Serial Generator.exe	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1200	1512	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe	82
PID 1512 wrote to memory of 1200	1512	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe	82
PID 1512 wrote to memory of 1200	1512	436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe	82

C:\Users\Admin\AppData\Local\Temp\436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe
"C:\Users\Admin\AppData\Local\Temp\436034a41f567fcb1d0184562d683e724a3253bd054e25d9161b959ff836f6d9.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:1200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
4838b5ead790a2b04e585e2334dff7c1

SHA1
f72cae5f3eae4395cb454e6720f0357f26a1f339

SHA256
d04a8ec95daf3b7a8d23110e1b3b999f7e6c519518776aad941c81c1bd422dbb

SHA512
26b5f4badf94ccd5147b6e83136134cebafbf6a8619af2dd5f7e765ad40adbe17485fe38e93f91db3f734510ee2a9e0821c06d583b2ad51594b8c59ff862adbc

Download Submit
memory/1512-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1512-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1512-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download