1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78

Analysis

max time kernel
255s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
Size

568KB
MD5

53aa82eac338f576f8db3c9794ea95f6
SHA1

cda966a6812604545edb224bbf08cb6a26f1ec81
SHA256

1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78
SHA512

5c1e38ec618da6a641cf485bc9e9e804ab91ec2b8472ef03e9133877a77caaebe5363de6de445b8c54ee5f88df7db8bbf924d1ee2f081b5cd80fb443ce76873e
SSDEEP

3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNF:aZmqt6Qyiy3b6CR10TY8JOArF9S9

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.00b Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.2 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Kings of War No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Praetorians Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Shrek II Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 5.x Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Xenus No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\NHL 2002 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 5.0 Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\The Sims Superstar Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\EverQuest 2 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.x Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Civilization III - Conquest No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Train Simulator 2 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\FireStarter Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Black & White 2 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.0 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\F1 2002 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8 Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 3 No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Quake III No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Sniper Elite - Berlin 1943 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Command & Conquer Generals No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity IV No-Cd Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\Alpha Communicator 5.0 Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.x Crack.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
File created	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles Serial Generator.exe	1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe

C:\Users\Admin\AppData\Local\Temp\1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe
"C:\Users\Admin\AppData\Local\Temp\1635cbe033ae3f54429514512f5cb4a8f4e654523c415f2c8a0534de13c8be78.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/560-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/560-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download