90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
Size

454KB
MD5

34ac900b30398907222718a80294aafd
SHA1

a72a66977fe30f62f32f2665d3fffddb2343f40a
SHA256

90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798
SHA512

4c0e9506e313364a6ee63d831089251109becb37dde802fb94be4ab34ae0e12431e9b9ffcc96150bbbf97db759778ada15e0fc09d1edf3380b401419c5fdfe66
SSDEEP

3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNV:aZmqt6Qyiy3b6CR10TY8JOArF9S9x

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\NCAA Football 2003 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.03 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\QuickTime 6.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Kings of War Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Conflict - Desert Storm II - Back to Baghdad Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\UT 2003 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.x Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life 2 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\mIRC 6.x Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\WinAce 2.2 Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Need for Speed Underground Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Silent Hill III No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Train Simulator II No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\F1 2002 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinAce 2.2 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2004 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Delta Force - Black Hawk Down No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2004 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver III Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\NBA Live 2004 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.x Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.11 Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\The Sims Superstar Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 4.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Divx 5.x Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 Rush Hour Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UT 2003 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Serial Generator.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2003 No-Cd Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
File created	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 4856	2736	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe	80
PID 2736 wrote to memory of 4856	2736	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe	80
PID 2736 wrote to memory of 4856	2736	90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe	80

C:\Users\Admin\AppData\Local\Temp\90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe
"C:\Users\Admin\AppData\Local\Temp\90219c69b173fbeff9e7097b40d188e39759a50b90c6fba09b2e735c2de4f798.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:4856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
30c75e6a30841342dbb29adf02130d19

SHA1
647fd2d32a54b0e40eab4efb38e91e3155fc1caa

SHA256
a28bfb1d3b58fa5e1fec7b61f47d9da3329b08c2cab59f070863a810bb739abd

SHA512
c6b9950df4cf9e39ad6d000bd3e5e7f17948e363c4c09a1617c8f716ec2989adabc1d43ea469fba948f0a2e03237c102f09c9e8c42dd351f8acef102142c829d

Download Submit
memory/2736-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2736-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2736-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download