20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a

Analysis

max time kernel
154s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
Size

1.7MB
MD5

a3366b7b58a2647a330f6de9f6440930
SHA1

0a1f3e83ed782a5e5e625ab27727b0e3bbd5cf01
SHA256

20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a
SHA512

d76b079aa6ef0b6001ea9156db5ba5be756e3b9c98700142e53d989c8545e91e0f0bc0b1f3bdd48bbaa7093b8511b33f2ef6df370e32ef5fa0c3cfa836861873
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqvYGVp:352T3siXei5bcmP9JfUjWhp

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Trinity No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\mIRC 6.03 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NHL 2002 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 3 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life 2 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Acrobat 5.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2003 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Civilization III - Conquest No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft 3 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Divx 5.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\UT 2003 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life II No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior 3 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Shrek II No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 3 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\mIRC 6.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\F1 2002 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 8.x Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness 2 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Command & Conquer Generals Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Splinter Cell No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Knights of the Temple No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\EverQuest 2 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver 3 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\DOOM III Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SimCity 4 Rush Hour No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior III No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Black & White 2 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator 2 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.x Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 Serial Generator.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe

C:\Users\Admin\AppData\Local\Temp\20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe
"C:\Users\Admin\AppData\Local\Temp\20f6c33281890f39ba022bb1f775ef1ca6f906a8c254fe6ccade64e5c6f4cb4a.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1200-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1200-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download