b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940

General

Target

b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
Size

3.9MB
MD5

02bc8f2347e2df6beed1b32d8e66ce55
SHA1

cd75697824ad8cc3adc51a7a6322ae2590f084c4
SHA256

b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940
SHA512

a98c075ab59cf2f018bac37644e606af4e72513297bec193def91fd7f10ea85e134b66f76628d17bf0032652c2cc02a6c959ca292b4d202524bdf3ee48e08380
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe

Drops file in System32 directory 64 IoCs

Processes:

b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 3 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver III No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\UT 2004 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lords of EverQuest No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.x Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Kings of War Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NHL 2002 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life II Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness 2 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake III No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior III Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Splinter Cell Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NHL 2003 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Ad-aware 6.0 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Command & Conquer Generals No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 5.0 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UT 2004 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Xenus No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief II Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman II No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Railroad Tycoon III Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 3 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tony Hawks Pro Skater 4 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman 3 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Sniper Elite - Berlin 1943 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Serial Generator.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 No-Cd Crack.exe	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe

description	pid	process	target process
PID 4872 wrote to memory of 176	4872	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe	cmd.exe
PID 4872 wrote to memory of 176	4872	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe	cmd.exe
PID 4872 wrote to memory of 176	4872	b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe
"C:\Users\Admin\AppData\Local\Temp\b4c73878e145223dbc75f048676b48edf96ef5608ff3a491da34e55d621fa940.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4872

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
2⤵
PID:176

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat
Filesize
264B

MD5
9bed26f74b7a65dc9939bb58aebd8819

SHA1
6d1a888165d5829c180133cb0556fd9f78a6a3d9

SHA256
6e13dc057c0d26552d0e56fde38c22dc3ed0c4581a1d64a72ba8674925e966db

SHA512
4ee745f54ebded515aa822fb2e03e85110fdb701c22d22843782e9a59e6d093e1a67fbd8129b3bbb24aff00fbc2e478380e0f665dae431c1d92a092a743b9cae

Download Submit
memory/176-134-0x0000000000000000-mapping.dmp

Download
memory/4872-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4872-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4872-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads