a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e

General

Target

a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
Size

1005KB
MD5

01e95edf0093464654ceca276faea1b0
SHA1

a29bf9cbc190dd8a10531952beb9c7ea06df07d6
SHA256

a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e
SHA512

3c6cc754c2830cde522a637efe886afb5e372ae86f60a6f38298ba45cbf9c204f8315e5f86acc5158373ac18275b88e8bd707ece0f41bf9a9aa0919c26152381
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqk:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe

Drops file in System32 directory 64 IoCs

Processes:

a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers32\Silent Hill 3 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tony Hawks Pro Skater 4 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Shrek II No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinAce 2.2 Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Elder Scrolls III - Tribunal Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\GetRight 5.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Sniper Elite - Berlin 1943 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 3 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\NHL 2003 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\mIRC 6.03 Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Raven Shield No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Praetorians Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Armor2net Personal Firewall 3.1 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness II No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NetPumper 1.03 Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashFXP 1.4 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Need for Speed Underground No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Enemy Territory No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 9.x Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\World War II - Frontline Command Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Train Simulator 2 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.4 Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Hex Workshop Hex Editor 4.1 Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\Lords of EverQuest Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\F1 2002 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.0.6 Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Need for Speed Underground Serial Generator.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
File created	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 No-Cd Crack.exe	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe

description	pid	process	target process
PID 1316 wrote to memory of 4180	1316	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe	cmd.exe
PID 1316 wrote to memory of 4180	1316	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe	cmd.exe
PID 1316 wrote to memory of 4180	1316	a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe
"C:\Users\Admin\AppData\Local\Temp\a21da680f8dac0e06fb986573b97c67ace320192f75f393df17893ca68e8922e.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1316

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
2⤵
PID:4180

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat
Filesize
264B

MD5
3a5d8c3a51af32555f55ec7f9cc4ff36

SHA1
f7df2edf654112d6a6cb3e239b3be18839263483

SHA256
0dc3b176ca8167848a64f825a425167b66c7ed8a8409dbebb0290d361aab9f64

SHA512
7a799574aaf66ff52b98043c75b1f9f32cb3a8d9fb35ce7d5265594747352f9051ef92351b028b0c149bfcd329217a595e5039a91a7c30913e3fdb94da6e38cc

Download Submit
memory/1316-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1316-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1316-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4180-134-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads