515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f

General

Target

my_penis_is_hard.lol.exe
Size

903KB
MD5

2ddc3374433159b00c6a9e5f43e2cd82
SHA1

b712be05de623818c6ed708500dc35f225155e59
SHA256

515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f
SHA512

a7d9367e553476bfe9d43bb28add4f70d7e115f4575664f2d903a544c685b2c3a2d26d5279fdd873f71ccb81fcb7b6f39791216262d1326f1043ced49cd9da9c
SSDEEP

12288:JTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawalBa2Ley+trZNrI0AilFEvxHvB3:JqI4MROxnF7ay6rZlI0AilFEvxHiAl

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe
File opened for modification	C:\Windows\assembly	my_penis_is_hard.lol.exe
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4024	my_penis_is_hard.lol.exe
Token: 33	4332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4332	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 3604	4024	my_penis_is_hard.lol.exe	73
PID 4024 wrote to memory of 3604	4024	my_penis_is_hard.lol.exe	73
PID 3604 wrote to memory of 1064	3604	csc.exe	75
PID 3604 wrote to memory of 1064	3604	csc.exe	75

C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol.exe
"C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\85zjhokf.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3604
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES60DE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC60DD.tmp"
    3⤵
    PID:1064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\85zjhokf.dll

Filesize
76KB

MD5
dd2955c94d6d6d9ee497c0c45cd99dc0

SHA1
25fc5765dff40e6b46626639ef35d8c5c72446fb

SHA256
2aefdc24ce357cdfe98d8cad4beff1f77d512adb96055c695a82737064041f35

SHA512
c16e68414bd296e0e3cf1596d871f358f066ad18f1fa9c8d52b3456739a7b181f9b7783b266498d572fa968e75bee8cc10976a73f820ffd70d974d7e3ef4c984

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES60DE.tmp

Filesize
1KB

MD5
f6e154e42ca2126552539a26d13cc768

SHA1
3a3e2e8f1f8e1adddf60da14db19e7e68bddb2d9

SHA256
fe7ae317949859d16d3dc4fb09b725dbbd9d3c026b57015b1532f0a123dbe78b

SHA512
75d9e1c46b32663408fbc23bf0f5d248de00c5a6a0aae90fa01dba18d88ee8ee9173b0102b690ddbd1909597365ce904fd5daff72641b5e7fcffa4830742a202

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\85zjhokf.0.cs

Filesize
208KB

MD5
726674f5b8f25dd6b8b529bb84907171

SHA1
05244fddd8749d7cf704867138babf4156bec6ec

SHA256
deefcf8b9f1668bfb2ab66983019ba672cb1f33b4bec1afd806bd8d0cb7d1abd

SHA512
3d20a78aee8f9cb2f3bc549ac32039b66f2af713b84eb334ff52301f34b16d8b91d30097ff9b8ccbb1dddde35522b3794b3176943fd70f529352491f958ee14b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\85zjhokf.cmdline

Filesize
349B

MD5
0295dd51356bcf08a3872b54b5a710fe

SHA1
538cb49665cc22849e98f9db8f39856bd29db8b0

SHA256
2c32117443c1e42f0511455a275da81ea4cd9d01a8c3d4383e2a9d36007b48ad

SHA512
a3e9449ecaffa4e74215419dbd0054985cfcd0253a4816e6e96afc84779b70f7941c1760edc68d0d99daa83422de92df86d6558fad390afb5fbc0e9226542e86

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC60DD.tmp

Filesize
676B

MD5
a72895a288b8e1a2ad9d962b8cbcf71c

SHA1
5ede5cb88ca03ce9d00de3954e9e8d60ad2e12e8

SHA256
95eb685865e3bf6e5409175f20b2f79d1286e3a66a76ceef1364ac651d56c04a

SHA512
3e17359688d74d5bf3a830c98ea62fc74b99687cc54eda02c583cf4a9bbb759dd92e8f53b69411ae93a708b90cdabe616e6e522840dbaff320148013ccde6dc0

Download Submit
memory/3604-21-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/3604-16-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-26-0x000000001CCB0000-0x000000001CCC8000-memory.dmp

Filesize
96KB

Download
memory/4024-32-0x000000001E700000-0x000000001ECBA000-memory.dmp

Filesize
5.7MB

Download
memory/4024-7-0x000000001C050000-0x000000001C51E000-memory.dmp

Filesize
4.8MB

Download
memory/4024-6-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-5-0x000000001BB70000-0x000000001BB7E000-memory.dmp

Filesize
56KB

Download
memory/4024-2-0x000000001B9C0000-0x000000001BA1C000-memory.dmp

Filesize
368KB

Download
memory/4024-1-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-23-0x000000001CC80000-0x000000001CC96000-memory.dmp

Filesize
88KB

Download
memory/4024-25-0x0000000002BE0000-0x0000000002BF2000-memory.dmp

Filesize
72KB

Download
memory/4024-0-0x00007FFF34A35000-0x00007FFF34A36000-memory.dmp

Filesize
4KB

Download
memory/4024-27-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/4024-28-0x0000000002C10000-0x0000000002C18000-memory.dmp

Filesize
32KB

Download
memory/4024-31-0x000000001DAB0000-0x000000001DB12000-memory.dmp

Filesize
392KB

Download
memory/4024-8-0x000000001C5C0000-0x000000001C65C000-memory.dmp

Filesize
624KB

Download
memory/4024-33-0x000000001DC10000-0x000000001DD00000-memory.dmp

Filesize
960KB

Download
memory/4024-34-0x000000001DD20000-0x000000001DD3E000-memory.dmp

Filesize
120KB

Download
memory/4024-35-0x000000001ECC0000-0x000000001ED09000-memory.dmp

Filesize
292KB

Download
memory/4024-36-0x000000001EDF0000-0x000000001EE60000-memory.dmp

Filesize
448KB

Download
memory/4024-37-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-38-0x000000001F110000-0x000000001F24C000-memory.dmp

Filesize
1.2MB

Download
memory/4024-39-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-40-0x00007FFF34A35000-0x00007FFF34A36000-memory.dmp

Filesize
4KB

Download
memory/4024-41-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-42-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-43-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-44-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-45-0x00007FFF34780000-0x00007FFF35120000-memory.dmp

Filesize
9.6MB

Download
memory/4024-49-0x000000001F850000-0x000000001F9CA000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads