83774db723e6f86c40cab8b24a0ab190b6a9a66944fd228d2f506ce322823d71

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4d9a7ecb62498848ede283d5824386d0.exe
Size

459KB
MD5

4d9a7ecb62498848ede283d5824386d0
SHA1

79bae4fdcf6a81f728f8c87257cc267f5e11f451
SHA256

83774db723e6f86c40cab8b24a0ab190b6a9a66944fd228d2f506ce322823d71
SHA512

dc7ddd06187e33670fc7608ea10f01314744759ebd87691694c27af4a4191f55ef440d01510dbc60298877dd970a5359273ee5820faf5e23d267177768fd67b0
SSDEEP

1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00090000000161a5-6.dat	aspack_v212_v242

Deletes itself 1 IoCs

pid	Process
1968	cmd.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	NEAS.4d9a7ecb62498848ede283d5824386d0.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Harry Potter - Quidditch World Cup No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\NASCAR Racing 2003 No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ACDSee 2.4.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Shrek II Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 8.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warcraft 3 No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Max Payne 2 - The Fall of Max Payne Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Internet Turbo 2003 5.x Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\MusicMatch Jukebox 8.x Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ICUII 5.7 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashGet 1.3 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\WinRAR 3.12 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Rainbow Six 3 - Raven Shield No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Thief II No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\CloneCD 4.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2004 No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Need for Speed Underground Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 4 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Kings of War No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Star Wars - Knights of the Old Republic Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Silent Hill 3 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\ICUII 5.x.exe.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Xenus Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Raven Shield Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Armor2net Personal Firewall 3.1 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Unreal Tournament 2003 No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2004 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead PhotoImpact 8.x Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Microangelo 5.58 Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Rainbow Six 3 - Raven Shield Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Internet Download Manager 3.15 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\WinZip 8.0 Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\ZoneAlarm 3.x Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\IconPackager 2.12 Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Tiger Woods PGA TOUR 2003 Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Warlords IV - Heroes of Etheria No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior V Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Macromedia Flash MX 6.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\Microangelo 6.x Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Network Cable e ADSL Speed 1.x Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Chrome Serial Generator.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe
File created	C:\Windows\SysWOW64\drivers32\NBA Live 2003 No-Cd Crack.exe	NEAS.4d9a7ecb62498848ede283d5824386d0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 1968	2396	NEAS.4d9a7ecb62498848ede283d5824386d0.exe	30
PID 2396 wrote to memory of 1968	2396	NEAS.4d9a7ecb62498848ede283d5824386d0.exe	30
PID 2396 wrote to memory of 1968	2396	NEAS.4d9a7ecb62498848ede283d5824386d0.exe	30
PID 2396 wrote to memory of 1968	2396	NEAS.4d9a7ecb62498848ede283d5824386d0.exe	30

C:\Users\Admin\AppData\Local\Temp\NEAS.4d9a7ecb62498848ede283d5824386d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4d9a7ecb62498848ede283d5824386d0.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\$$$$$.bat
  2⤵
  - Deletes itself
  PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$$$$$.bat

Filesize
210B

MD5
dc9d5efa6945f7ee9eb44a81692bf02b

SHA1
8c4aa7abc833dbc860b74c508ea61ea32376dfe5

SHA256
bee992943daf59ce0d3d1e53e3fea227ba58391b2ad4ea2df0935de3ef5f3c69

SHA512
9592f97f3c12d7c693eec870674223ca08fa05029f9f23bfd8d3317956042792a0a6a28b109c188daec2995c827ea9c3fc43a8c45a87fe710150d4d793cb7fa6

Download Submit
C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe

Filesize
459KB

MD5
4d9a7ecb62498848ede283d5824386d0

SHA1
79bae4fdcf6a81f728f8c87257cc267f5e11f451

SHA256
83774db723e6f86c40cab8b24a0ab190b6a9a66944fd228d2f506ce322823d71

SHA512
dc7ddd06187e33670fc7608ea10f01314744759ebd87691694c27af4a4191f55ef440d01510dbc60298877dd970a5359273ee5820faf5e23d267177768fd67b0

Download Submit
\??\c:\$$$$$.bat

Filesize
210B

MD5
dc9d5efa6945f7ee9eb44a81692bf02b

SHA1
8c4aa7abc833dbc860b74c508ea61ea32376dfe5

SHA256
bee992943daf59ce0d3d1e53e3fea227ba58391b2ad4ea2df0935de3ef5f3c69

SHA512
9592f97f3c12d7c693eec870674223ca08fa05029f9f23bfd8d3317956042792a0a6a28b109c188daec2995c827ea9c3fc43a8c45a87fe710150d4d793cb7fa6

Download Submit
memory/2396-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-687-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2396-826-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads