Analysis
-
max time kernel
190s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
20-10-2022 15:00
Behavioral task
behavioral1
Sample
f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe
-
Size
388KB
-
MD5
96305ee1d0384ad8bdb3be8edbab60b2
-
SHA1
06c86e995b33113bcf3274f9ba5951db441de5b8
-
SHA256
f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9
-
SHA512
1a4d50a89764e88dbcc150ae3238e316fd6429b92b6ce3451f60f55ff8ca5dfbf5c7bb457d3c4e02a2d431b988ddc828b97aac5acf769687a5897a0dfd602630
-
SSDEEP
1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe" f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Command & Conquer Generals No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Trinity Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lords of EverQuest Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Thief II Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Knights of the Temple Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Midtown Madness 2 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Midtown Madness II No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\UT 2003 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\UT 2004 No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\GeoWhere 2.x Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Rainbow Six 3 - Raven Shield Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\GetRight 5.0 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Winamp 3.x Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.0.6 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\NetPumper 1.03 Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\DOOM III No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Midtown Madness II Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8 Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Alpha Communicator 5.0 Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\World War II - Frontline Command Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Warcraft 3 No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\NCAA Football 2003 No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\IconPackager 2.x Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.0.6 Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Metal Gear Solid No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Command & Conquer Generals Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Metal Gear Solid Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\GetRight 6.x Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8x Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\EverQuest 2 No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Xenus Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Halo No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Madden NFL 2004 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\GetRight 5.0 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File opened for modification C:\Windows\SysWOW64\drivers32\Quake 3 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\Microangelo 5.x Crack.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe File created C:\Windows\SysWOW64\drivers32\SimCity 4 Serial Generator.exe f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2764 wrote to memory of 3728 2764 f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe 82 PID 2764 wrote to memory of 3728 2764 f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe 82 PID 2764 wrote to memory of 3728 2764 f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe"C:\Users\Admin\AppData\Local\Temp\f8a5389f69ae07300d0ac661cc229d8b803b6732b98d6c567b2336bf1fe8f0b9.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\$$$$$.bat2⤵PID:3728
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264B
MD51f840377f06526da9635a273d5748dfb
SHA1a33454c181cb8e15f7385c52e825f81c92531d2a
SHA256cda6b493cec5acc25c2f2b5cbe4d4ef8b85641015aeae96142a3cfebc8dbec0a
SHA51278823d9f6f983bdf39c0d6e10a6d2c61788442096b82eb1a9f05445f40cd6e6eeea3889c3febbb62c9e2ded05956b5698901db8940179a631fe9fecf8b930216