81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603

Analysis

max time kernel
151s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
Size

864KB
MD5

b7e3361c5d4727909567a4db6f649f80
SHA1

8a1f3e18d51ea4525831d0db4023b9e7a5ca3bdb
SHA256

81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603
SHA512

f4329a9a62d68db65b86384d7a452d6557c8a2c3179ba9d57394e74c2a7a320652c62fb1ba39967e33a714422ae9758a78b53069e95ca7f6d7e89450e926018e
SSDEEP

3072:352T3siXei5bcmP9JfUjWU7hr9wcPPMwcPQt1lhCRhr9wcP:34xu2bF+7hrDPuPOXhCRhrDP

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Command & Conquer Generals No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Chrome Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Halo Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 5.0 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Elder Scrolls III - Tribunal Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 5.5.x Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Etherlords II No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\GeoWhere 2.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Train Simulator II Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness II No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\CloneCD 4.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\NBA Live 2004 No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\UT 2004 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Etherlords II No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Enemy Territory No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 6.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\NBA Live 2003 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars Jedi Knight - Jedi Academy Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Commandos 3 - Destination Berlin No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator 2 No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman II No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\FlashGet 1.x Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UT 2003 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Xenus No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\GeoWhere 2.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Chrome Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III No-Cd Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.x Crack.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\UT 2003 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords 4 Serial Generator.exe	81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe

C:\Users\Admin\AppData\Local\Temp\81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe
"C:\Users\Admin\AppData\Local\Temp\81708bd2b6380d8b64d99b82b580034f3a27ea50941fa6194eeb4d368bb9e603.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2024-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download