b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450

General

Target

b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
Size

4.0MB
MD5

011a29c4558f6df920a57cff5f6fb384
SHA1

bc5a0ef6632616148ba37408f751b984baa8bb37
SHA256

b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450
SHA512

d05d3e1a760b16fe76326840d865e14904916568ddd1257f207edf7766f595b92dc7db29febd49e09cdb33a5bc6b94ff89e464ae5ebf0a88cd9fde022247afd1
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe

Drops file in System32 directory 64 IoCs

Processes:

b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Hex Workshop Hex Editor 4.1 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Civilization III - Conquest No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.x Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lords of the Realm III Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\RealOne Player 2.0 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.0 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 5.0 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.x Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness III Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Acrobat 5.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 5.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 9.x Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.4 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Train Simulator II Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman II Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Command & Conquer Generals Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\NCAA Football 2003 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2004 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.0.6 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Enemy Territory Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Knights of the Temple No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 5.5.x Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness II No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Armor2net Personal Firewall 3.1 Serial Generator.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
File created	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe

description	pid	process	target process
PID 1992 wrote to memory of 312	1992	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe	cmd.exe
PID 1992 wrote to memory of 312	1992	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe	cmd.exe
PID 1992 wrote to memory of 312	1992	b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe
"C:\Users\Admin\AppData\Local\Temp\b479ffac4ede98ae89e47d358b2ca077aa92c69ed16f87c6fc8c64ee3ce56450.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
2⤵
PID:312

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat
Filesize
264B

MD5
56a8e49ec42fa7e955945e5ff83c3771

SHA1
cabad277a485da20e67ca4af3ea1338f3c66df1e

SHA256
eca30597b20ffac91f242bb19588742a1a806db21ae1284f2b9b9698b1b409b4

SHA512
68cbcd4963fbaaf04d5a5cbcb0588d8cc7ddd7d04832282348132e0de20b1edcb021fb4e4ba91b5f3434ee08563928ef18e6fb5d36938f2e622d9657f1ae1f23

Download Submit
memory/312-134-0x0000000000000000-mapping.dmp

Download
memory/1992-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1992-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1992-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads