515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f

General

Target

my_penis_is_hard.lol.exe
Size

903KB
MD5

2ddc3374433159b00c6a9e5f43e2cd82
SHA1

b712be05de623818c6ed708500dc35f225155e59
SHA256

515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f
SHA512

a7d9367e553476bfe9d43bb28add4f70d7e115f4575664f2d903a544c685b2c3a2d26d5279fdd873f71ccb81fcb7b6f39791216262d1326f1043ced49cd9da9c
SSDEEP

12288:JTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawalBa2Ley+trZNrI0AilFEvxHvB3:JqI4MROxnF7ay6rZlI0AilFEvxHiAl

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe
File opened for modification	C:\Windows\assembly	my_penis_is_hard.lol.exe
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2544	my_penis_is_hard.lol.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 368	2544	my_penis_is_hard.lol.exe	73
PID 2544 wrote to memory of 368	2544	my_penis_is_hard.lol.exe	73
PID 368 wrote to memory of 4416	368	csc.exe	75
PID 368 wrote to memory of 4416	368	csc.exe	75

C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol.exe
"C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uvd7xqm-.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:368
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES61A9.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC61A8.tmp"
    3⤵
    PID:4416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES61A9.tmp

Filesize
1KB

MD5
0f3d630b75830719e40f6b0a1ce02da9

SHA1
9177ebb97a66b0713263bae58dc02c584615c38c

SHA256
602a69a84eedc64ea794b023792ad2e2c76772a3ca997c715d52ce377cd72056

SHA512
c76fad41383e5dfd96a31a3318086a465db5b4aeb340e9f76e1bf5d6294098d1b8669f0875bd0523422b717cd82d375c8eb653ba59affb5d804f8b36a2d6e6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\uvd7xqm-.dll

Filesize
76KB

MD5
3b111b4771347f2eb0aaf46cfa324fe3

SHA1
2c77a6dfc13160515b9d42c2a67ce7196757f19f

SHA256
be1a5013fad3f1f4af26593bec8d93c97356d67e8f3f9914a0ae20e087c6c550

SHA512
d28a5794eeb44a7347dd6c1db3f592f4be0ad28c30291ad12ec8e9d0d0cb366425833ea045afa6b80812dd4f038b39619d14a38d062cde75d77be4fbcd497d01

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC61A8.tmp

Filesize
676B

MD5
eaaf9f1a6c1baa7f607f8889a3783fb4

SHA1
63a1e5c978c120b134b64ea3c74bbe27de107dc1

SHA256
9ebcaa768dcfb8748931c3aa7ca745ca6ba8f6e38d635bff1b756c3f2e24d962

SHA512
946ad453f5bc52b3d693341a8d1e79b76e40394f2a76d78e201f5397dd22983883fc4d495ec1a16feb31cd39f6251ed6b82e2a96a202d458c6c4046afe505422

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\uvd7xqm-.0.cs

Filesize
208KB

MD5
0e5adad55e259b2eddc78c2f1733d2c8

SHA1
b424ba969c18b025f8aa5d1f0e7e0d23339a4769

SHA256
7b341ae8eab996e4a1277f86d6c797dc10f4e7316db02f815a42e74a01af85bb

SHA512
e510ba4decdc18c5eca9f1894050283ab614b48e81a37064de5e2c424b6bcf2a397efcf54f48f4542891410b7376e2e275cc5dbb78044ec086d4e9625972849c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\uvd7xqm-.cmdline

Filesize
349B

MD5
f1c67612ab1790434dd480632d89f9ff

SHA1
4d0295fd4fa22a0eb6ae2ca3b184175da1eee0c8

SHA256
f1bc5baa177bbaf71ba32c8c43ffee12b328208e11b71c6ba519802eefaee284

SHA512
35c71106cf08b262fa514fa88b67ec40e501bfe27598c973497f78d0386211fae3bb0f0815c9fa7f6142cf7cc69b81a87da92de2c326601fbc836ce1dc36c493

Download Submit
memory/368-18-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/368-21-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-27-0x000000001C6D0000-0x000000001C6E0000-memory.dmp

Filesize
64KB

Download
memory/2544-40-0x000000001F0E0000-0x000000001F21C000-memory.dmp

Filesize
1.2MB

Download
memory/2544-5-0x000000001BA60000-0x000000001BA6E000-memory.dmp

Filesize
56KB

Download
memory/2544-0-0x00007FFE6C8C5000-0x00007FFE6C8C6000-memory.dmp

Filesize
4KB

Download
memory/2544-2-0x000000001B990000-0x000000001B9EC000-memory.dmp

Filesize
368KB

Download
memory/2544-8-0x000000001C600000-0x000000001C69C000-memory.dmp

Filesize
624KB

Download
memory/2544-23-0x000000001BB80000-0x000000001BB96000-memory.dmp

Filesize
88KB

Download
memory/2544-1-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-25-0x0000000002D70000-0x0000000002D82000-memory.dmp

Filesize
72KB

Download
memory/2544-26-0x000000001C6A0000-0x000000001C6B8000-memory.dmp

Filesize
96KB

Download
memory/2544-42-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-6-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-33-0x00000000011F0000-0x0000000001252000-memory.dmp

Filesize
392KB

Download
memory/2544-30-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-29-0x00007FFE6C8C5000-0x00007FFE6C8C6000-memory.dmp

Filesize
4KB

Download
memory/2544-34-0x000000001E6D0000-0x000000001EC8A000-memory.dmp

Filesize
5.7MB

Download
memory/2544-35-0x000000001EC90000-0x000000001ED80000-memory.dmp

Filesize
960KB

Download
memory/2544-36-0x000000001D100000-0x000000001D11E000-memory.dmp

Filesize
120KB

Download
memory/2544-37-0x000000001D120000-0x000000001D169000-memory.dmp

Filesize
292KB

Download
memory/2544-38-0x000000001EDF0000-0x000000001EE60000-memory.dmp

Filesize
448KB

Download
memory/2544-39-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-28-0x000000001BA70000-0x000000001BA78000-memory.dmp

Filesize
32KB

Download
memory/2544-41-0x00007FFE6C610000-0x00007FFE6CFB0000-memory.dmp

Filesize
9.6MB

Download
memory/2544-7-0x000000001C090000-0x000000001C55E000-memory.dmp

Filesize
4.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads