7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702

Analysis

max time kernel
155s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
Size

2.5MB
MD5

03b0899890febf06ad22fdd0b02fdb6c
SHA1

c41b91f4a8c4426c05de3fb431306cecd945a197
SHA256

7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702
SHA512

c24dc824eff1a8a4abb57facc400c0fc71d180d735db2bd784fa037eb89c7f2bf50005d0cf9dfd954c10ac3bfde2879bee4b775565e0b42fdcf2bf95de516739
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.0.6 Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tony Hawks Pro Skater 4 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief 3 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness 3 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 3 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.x Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 3 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\NHL 2003 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman 2 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness II Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Thief III Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 3 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.2 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator II Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Sniper Elite - Berlin 1943 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.x Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.4 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\mIRC 6.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Thief 2 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\svchosts.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life II Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Divx 5.x Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 5.x Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\UltraEdit-32 10.00b Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver 3 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ad-aware 6.0 Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Train Simulator II No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Serial Generator.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Kings of War No-Cd Crack.exe	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 4748	3604	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe	80
PID 3604 wrote to memory of 4748	3604	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe	80
PID 3604 wrote to memory of 4748	3604	7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe	80

C:\Users\Admin\AppData\Local\Temp\7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe
"C:\Users\Admin\AppData\Local\Temp\7b8c6ddde89e23ab59bbc216f3788d60b8d484df5b36b8ba0af3f7a6e5072702.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:4748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
f2c7840746e124604a29d091c457d405

SHA1
7345c48e048eb8fd084f13cbb3ae7ad4b3956100

SHA256
576c60af97610a543166b7a377384d1c56264724e2e5de4a6e687f5a697e406b

SHA512
1838e321486004bcb24e6abf433257ea74cd9213b56362a96b2865fb5c193e87248e841f036db60171a9c78855833de77895165392d6441f3ef8c87272024cc8

Download Submit
memory/3604-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3604-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3604-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4748-134-0x0000000000000000-mapping.dmp

Download