0827eca9be62e90069619a2468ab028beca780bdbc5686a12201ce5503b5c086

Analysis

max time kernel
801s
max time network
444s
platform
windows10-2004_x64
resource
win10v2004-20231020-es
resource tags

arch:x64arch:x86image:win10v2004-20231020-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19-11-2023 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spectrasonics_2048_KeyGen.exe
Size

1.1MB
MD5

58eea1e1181960442a0d9ce89fea5029
SHA1

9ead9d5a8468f3ff6f0a743d988c38e72d91d9d3
SHA256

0827eca9be62e90069619a2468ab028beca780bdbc5686a12201ce5503b5c086
SHA512

35d56af38bc22ad116470272d688a7b286a683db0d5cbadbb4e48f39b71f67ff716600971b1a0fc2815e81f727e1af2af7c07885a1ee6fdc879f48391628a156
SSDEEP

24576:UcLjDjIzZw8qP2veVuPlgBhMsUamL/d2O1kg:UActwh22kPl6nzmTIO11

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3388	keygen.exe

Loads dropped DLL 3 IoCs

pid	Process
3388	keygen.exe
3388	keygen.exe
3388	keygen.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	180	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	180	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3388	464	Spectrasonics_2048_KeyGen.exe	85
PID 464 wrote to memory of 3388	464	Spectrasonics_2048_KeyGen.exe	85
PID 464 wrote to memory of 3388	464	Spectrasonics_2048_KeyGen.exe	85

C:\Users\Admin\AppData\Local\Temp\Spectrasonics_2048_KeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\Spectrasonics_2048_KeyGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x4dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RSS2048.dll

Filesize
82KB

MD5
5251061e35d93c31cbe099a44471d7e1

SHA1
caebcbdedc9471c148b9e96dc3de6d76f0048935

SHA256
7599b34cf950f73a13cd78c560d6bc80ed69a956e2128e2fef3abb43e5db0da4

SHA512
4c68f479257ba73c9851ef9bbed57a9d0db3c3ad3b34b107668595aa75994dddfb4a4d4c5804657d07ff4af928573b6d55c90b3c642f6763526ebb68a553c1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RSS2048.dll

Filesize
82KB

MD5
5251061e35d93c31cbe099a44471d7e1

SHA1
caebcbdedc9471c148b9e96dc3de6d76f0048935

SHA256
7599b34cf950f73a13cd78c560d6bc80ed69a956e2128e2fef3abb43e5db0da4

SHA512
4c68f479257ba73c9851ef9bbed57a9d0db3c3ad3b34b107668595aa75994dddfb4a4d4c5804657d07ff4af928573b6d55c90b3c642f6763526ebb68a553c1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RSS2048.dll

Filesize
82KB

MD5
5251061e35d93c31cbe099a44471d7e1

SHA1
caebcbdedc9471c148b9e96dc3de6d76f0048935

SHA256
7599b34cf950f73a13cd78c560d6bc80ed69a956e2128e2fef3abb43e5db0da4

SHA512
4c68f479257ba73c9851ef9bbed57a9d0db3c3ad3b34b107668595aa75994dddfb4a4d4c5804657d07ff4af928573b6d55c90b3c642f6763526ebb68a553c1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\bgm.it

Filesize
587KB

MD5
31f24c0967530394a64cb82ac06a1e2f

SHA1
74a220d2659fa535e71d2f24d1300e7503bb0a2a

SHA256
e66acf2363dab9a21265651887799b00dc1413b2f70155b9b94a4bb9cff045bb

SHA512
8a0449902b55cd62cffa24a0b8c65f8e62c47d49b251ad5bf1d964a05f851dbb8b13291e272aa495feb72688ec51ad688ed7f3e320379426f01488b20a44d34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
620KB

MD5
4715cffa565e67a3cf9f79bb1d148f54

SHA1
c0c9e493b6dae608b28509f9486ce21c0fedf95e

SHA256
a8d8ec3f3082ca04f5a7a551090001e8827e186779001338e32f2d7c8bb93388

SHA512
09755fdd672b51c3157c3c290c4a218953efaa335b3564faa1753a1ed5eeed711c324e2e1cabaf5005ad9f6bfa97ef181be209a5c47abbf6052f6bf3fcf7a657

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
620KB

MD5
4715cffa565e67a3cf9f79bb1d148f54

SHA1
c0c9e493b6dae608b28509f9486ce21c0fedf95e

SHA256
a8d8ec3f3082ca04f5a7a551090001e8827e186779001338e32f2d7c8bb93388

SHA512
09755fdd672b51c3157c3c290c4a218953efaa335b3564faa1753a1ed5eeed711c324e2e1cabaf5005ad9f6bfa97ef181be209a5c47abbf6052f6bf3fcf7a657

Download Submit
memory/3388-42-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-73-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-14-0x00000000009F0000-0x0000000000A08000-memory.dmp

Filesize
96KB

Download
memory/3388-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-18-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-23-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-46-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-25-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-26-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-27-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-28-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-29-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-30-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-31-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-32-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-33-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-34-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-35-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-36-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-37-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-38-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-39-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-40-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-41-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3388-43-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-75-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-24-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-47-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-48-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-49-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-50-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-51-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-52-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-53-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-54-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-55-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-56-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-57-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-58-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-59-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-60-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-61-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-62-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-63-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-64-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-65-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-66-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-67-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-68-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-69-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-70-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-71-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-72-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-45-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-74-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-44-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-76-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3388-77-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download