a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2

Analysis

max time kernel
151s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
Size

891KB
MD5

0863acc1fbebc7a896bf4c325d4842f0
SHA1

cbf348f6235149fed32c04dc4b7e16db6ac8f178
SHA256

a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2
SHA512

293be785945cfba190805b83ba5e6e2c117fa754063d0736480bba9d45210e853f759ac6594cdd2b02afdd703745a6ebabe835402629b10a4aadf13fabe65d5a
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqk:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Lords of EverQuest Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Raven Shield Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\NetPumper 1.03 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 3 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.x Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 4 No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lords of EverQuest No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.8 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 4 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Divx 5.x Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior V No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life II Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\SolSuite 2003 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 5.0 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\NHL 2002 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.2 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\WS_FTP 5.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 6.x Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.x Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SimCity 4 No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness III Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator 2 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Civilization III - Conquest Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashFXP 1.4 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\FireStarter No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill III No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NHL 2003 No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\mIRC 6.03 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\CloneCD 5.0 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.0 Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Splinter Cell Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill III Serial Generator.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Silent Hill III No-Cd Crack.exe	a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe

C:\Users\Admin\AppData\Local\Temp\a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe
"C:\Users\Admin\AppData\Local\Temp\a6afcd3c326323fc0583e6c8865f9d7b89b9628cfa8a3ef7d219ed9e2b7681c2.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1144-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download