Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
21/11/2022, 15:02
Behavioral task
behavioral1
Sample
88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe
-
Size
648KB
-
MD5
2e60309b60585d6a5850052add156dd0
-
SHA1
bedbdef70830cefe45b113764a23675573802e8d
-
SHA256
88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d
-
SHA512
8232ec7169cfb53338215f4b3b457cd63c4a8168085f1cc7851d41e22ad27a3269c023375ca40f8df8bf55c84c3bd0ae212198d73b150820c3ba2793d1b9f588
-
SSDEEP
1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqff:352T3siXei5bcmP9JfUjW
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe" 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers32\DOOM III No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\MechWarrior 4 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\MechWarrior III Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Armor2net Personal Firewall 3.1 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\SimCity IV Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Conflict - Desert Storm II - Back to Baghdad Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\F1 2002 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\UT 2004 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2004 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\WinZip 9.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\mIRC 6.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Hex Workshop Hex Editor 4.1 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Soul Reaver III No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\MechWarrior IV Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\SolSuite 2003 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Hex Workshop Hex Editor 4.1 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Divx 5.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Raven Shield Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Black & White 2 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\NCAA Football 2004 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Neverwinter Nights - Shadows of Undrentide No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Trinity No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Trinity Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Praetorians No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\UT 2004 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\NCAA Football 2003 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\NetPumper 1.03 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\GetRight 5.0 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\GetRight 5.x Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Thief 2 No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.x Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Xenus Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File opened for modification C:\Windows\SysWOW64\drivers32\Kings of War No-Cd Crack.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe File created C:\Windows\SysWOW64\drivers32\Soul Reaver 3 Serial Generator.exe 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3612 wrote to memory of 4996 3612 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe 80 PID 3612 wrote to memory of 4996 3612 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe 80 PID 3612 wrote to memory of 4996 3612 88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe 80
Processes
-
C:\Users\Admin\AppData\Local\Temp\88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe"C:\Users\Admin\AppData\Local\Temp\88d466dc4481254f978ba674820a1b4a2b071c0441e79795780ab882221d833d.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3612 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\$$$$$.bat2⤵PID:4996
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264B
MD5bac71cb6e094e035b535987c9c8b4f4e
SHA18c78809d3291c94da0767dbfb791b98ac07c13f9
SHA256a066eb91f76565f8c071b58b74d73a6c89f8a157f94ee735c1085a6757381548
SHA512aa0a4dd62decb6922064512ebd130de4c7f08969f15739bb6710ec664072d0a18f78b7612b22ef9e192a8367371881eb119e5b1555b90729cae57a3fadd875f4