93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98

Analysis

max time kernel
154s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
Size

683KB
MD5

a0a11597fb4e163954de831c40a554b0
SHA1

9327ad8bfeac86b858da7234fcf53140847b0777
SHA256

93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98
SHA512

63932f1fd91977cb1432c3a4359d635c0df7ff21f95b94407ec741a4adda4191e7aa443f215a7a64580f9b95c13102b279dfd508db0ff810c0058ff67fabe62c
SSDEEP

3072:352T3siXei5bcmP9JfUjW95kodkdwqcAmeG+XzWc8zhQ15:34xu2bFP5koedwhAmeG+6cKQv

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 8.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness II Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.0 Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior IV No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 6.x Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Silent Hill III No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 3 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Divx 5.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\svchosts.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Etherlords II Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Conflict - Desert Storm II - Back to Baghdad Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 5.5.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Raven Shield Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill 3 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Etherlords II No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\FireStarter No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill III Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Splinter Cell No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Xenus No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2004 No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Hex Workshop Hex Editor 4.1 Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File created	C:\Windows\SysWOW64\drivers32\DOOM III Serial Generator.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup No-Cd Crack.exe	93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe

C:\Users\Admin\AppData\Local\Temp\93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe
"C:\Users\Admin\AppData\Local\Temp\93f190610c1fb54e8931305bbd6b8dff4925bc0c20c6cca786cb2d0c8294ab98.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/368-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/368-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download