3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e

Analysis

max time kernel
91s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
Size

3.4MB
MD5

070738e2025890cfc8af2b46c53bb0b8
SHA1

f2d3d054fa4ceeb9b2a9302bc0b49e02c501805d
SHA256

3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e
SHA512

40f1b5d1536faba966d4b87cb377d6ac4a8fce0577e5ffe5f9530692ef068512cbab8b77dbd238383d88ec6d10a1d651a0d208bffbef06b934413abbf108fb95
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords 4 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Download Accelerator Plus 5.3 Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Neverwinter Nights - Shadows of Undrentide No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Return to Castle Wolfenstein Enemy Territory Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Etherlords II No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - The Road to Rome No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\UT 2003 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness III No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FireStarter Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\IL-2 Sturmovik - Forgotten Battles No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief III No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 8.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\GetRight 6.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Wonders II - Shadow Magic No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Flight Simulator - Century of Flight Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 3 No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Splinter Cell Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WindowBlinds 4.0 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Tony Hawks Pro Skater 4 No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Need for Speed Underground No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic No-Cd Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman 2 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity 4 Rush Hour Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Thief II Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2003 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.x Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\WS_FTP 5.x Crack.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Thunder 2004 Serial Generator.exe	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 1840	3852	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe	88
PID 3852 wrote to memory of 1840	3852	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe	88
PID 3852 wrote to memory of 1840	3852	3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe	88

C:\Users\Admin\AppData\Local\Temp\3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe
"C:\Users\Admin\AppData\Local\Temp\3b420dd042777af290b2f615d3b8cc11034a3a591f783d80cce63513dbbff02e.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:1840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\$$$$$.bat

Filesize
264B

MD5
3e2e5a619592418f6f6f28771d9bebcc

SHA1
e60fb8d24adea7b581e85b9bf437010ebc349e0d

SHA256
854515681eb58baa1d37f11fc301341673539a536720c71b709eb8af440495b7

SHA512
b1116dccef106e483930139279ae3e795391861df37a1f3cea30e0423e5c0b2a8ae301167efa46817954ed672a30c9f38684f966996b759b7ae52a0bfff8cd00

Download Submit
memory/1840-134-0x0000000000000000-mapping.dmp

Download
memory/3852-132-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3852-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3852-135-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download