c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060

Analysis

max time kernel
153s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 10:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
Size

448KB
MD5

560bd50c28eb9fa6a308cf0d82dead12
SHA1

c741686c304c67b56f8fde0252f517dd78b73d16
SHA256

c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060
SHA512

3b3eb339194732e6557c164fe6c0130c37a6bbd29e018be62e88f9e51b34d9bd830b0f8ffc44cbdf4bb530cb0b81aa7c89fb9755545479ba971fbdf4497ea83c
SSDEEP

3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNV:aZmqt6Qyiy3b6CR10TY8JOArF9S9x

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Need for Speed Underground No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Splinter Cell No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Freedom - Soldiers of Liberty No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2002 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\SWiSH 2.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\CloneCD 4.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\DOOM 3 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 5 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Divx 5.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2003 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.7.143 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\KaZaA Speedup 3.x Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Conflict - Desert Storm II - Back to Baghdad No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Trinity No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinAce 2.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Praetorians No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\World War II - Frontline Command Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Knights of the Temple No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Shrek II No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Black & White 2 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Elder Scrolls III - Tribunal Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Battlefield 1942 - Secret Weapons of World War II No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Hitman III No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman III No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Quake III Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\The Sims Superstar No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Soul Reaver 3 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Tony Hawks Pro Skater 4 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 8.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.x Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Halo No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\GeoWhere 2.11 Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Metal Gear Solid 2 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.x Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Quake 3 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM III No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NCAA Football 2004 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - The Two Towers No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 5.5.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lords of EverQuest Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness III No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Midtown Madness 3 No-Cd Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Direct Connect 1.x Crack.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 6.x Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File created	C:\Windows\SysWOW64\drivers32\RealOne Player 2.0 Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe

C:\Users\Admin\AppData\Local\Temp\c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe
"C:\Users\Admin\AppData\Local\Temp\c7fc5f111a7217a11d1424037419bd87e5d6d6e60ff5d8a41db052ac90e7f060.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1276-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1276-55-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download