fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33

Analysis

max time kernel
151s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 01:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
Size

646KB
MD5

0eeecf147dcd7e90700fdd4c8636a1c6
SHA1

2d6e300de2cc9e911695e700b2636ca0a1a0812d
SHA256

fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33
SHA512

9107365dadec99319c13d50a36a8dda9df544da400674d54b069f93cc0da10e0a6aff3d27cd41ce29d73f7d6c85b65a9994be16e43d91c4a35c8535dadbf4e30
SSDEEP

3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNF:aZmqt6Qyiy3b6CR10TY8JOArF9S9

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.0 Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Soul Reaver 3 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Lords of the Realm III Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior III Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator II No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 5.5.x Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 2 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Elder Scrolls III - Tribunal Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life 2 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 3 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\NCAA Football 2003 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Shrek 2 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Raven Shield Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Conflict - Desert Storm II - Back to Baghdad No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SolSuite 2003 Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FireStarter No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\GetRight 6.x Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Neverwinter Nights - Shadows of Undrentide No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Quake III No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill III Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords 4 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Trinity Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warlords 4 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.4 Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.x Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Knights of the Temple No-Cd Crack.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator 2 Serial Generator.exe	fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe

C:\Users\Admin\AppData\Local\Temp\fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe
"C:\Users\Admin\AppData\Local\Temp\fc2ceba7853ac449186891ce5cf8320106543e8e30ff0f2b9121877e6f447a33.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/848-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/848-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download