8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf

Analysis

max time kernel
157s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 22:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
Size

1.0MB
MD5

6f6a719c1a27a82e61776cdd5c030632
SHA1

7b5c13d2be3458fbec0eb79fc51dc450bff05715
SHA256

8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf
SHA512

d50b748b5c5e1d638191fdedf7035a039545ca23fd6c12d05d3c8f0660bbb2907ed007cc7bb5ed28f52814a78a0fee990ff8bd1acfddcddb6d192af78b1684a4
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Train Simulator II No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Silent Hill 3 No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Quake III Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness II No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior III Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 4 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 5 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake III No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\RealOne Player 2.0 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Armor2net Personal Firewall 3.1 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 4 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior 3 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2004 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness 2 No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\mIRC 6.03 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.15 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\EverQuest 2 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Etherlords II No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Armor2net Personal Firewall 3.1 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 3 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Chrome Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator 2 No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior IV No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Shrek 2 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Rainbow Six 3 - Raven Shield No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior 5 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.0 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinAce 2.x Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Xenus Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SolSuite 2003 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warcraft 3 No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Shrek II No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Civilization III - Conquest No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File created	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down No-Cd Crack.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Serial Generator.exe	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 1532	640	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe	87
PID 640 wrote to memory of 1532	640	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe	87
PID 640 wrote to memory of 1532	640	8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe	87

C:\Users\Admin\AppData\Local\Temp\8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe
"C:\Users\Admin\AppData\Local\Temp\8d10a0c23e7a0ac12c50d22a9e3f841f2260044d71b2ee7860ffafccb48cedaf.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:1532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
bba3f6d8dcb83f5a90a0e28d13456719

SHA1
d9e44510c43545d3790cfdf0b7f7bf397fd5803e

SHA256
e42776fd5176943a99eb2fdcf88a401b8f50d7bc2548ca20b7e473bf52b5e2dc

SHA512
32c932e5689defdcfdc2960005305fa1dcc39c42fe68815566313b93b0809ef41297635c3b0885735ed6078460e67d7d3e839c9f11f095b1973cdd02b9921c35

Download Submit
memory/640-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/640-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/640-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download