515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f

General

Target

my_penis_is_hard.lol(1).exe
Size

903KB
MD5

2ddc3374433159b00c6a9e5f43e2cd82
SHA1

b712be05de623818c6ed708500dc35f225155e59
SHA256

515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f
SHA512

a7d9367e553476bfe9d43bb28add4f70d7e115f4575664f2d903a544c685b2c3a2d26d5279fdd873f71ccb81fcb7b6f39791216262d1326f1043ced49cd9da9c
SSDEEP

12288:JTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawalBa2Ley+trZNrI0AilFEvxHvB3:JqI4MROxnF7ay6rZlI0AilFEvxHiAl

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	my_penis_is_hard.lol(1).exe
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4508	my_penis_is_hard.lol(1).exe
Token: 33	672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	672	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 1688	4508	my_penis_is_hard.lol(1).exe	80
PID 4508 wrote to memory of 1688	4508	my_penis_is_hard.lol(1).exe	80
PID 1688 wrote to memory of 2056	1688	csc.exe	82
PID 1688 wrote to memory of 2056	1688	csc.exe	82

C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol(1).exe
"C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol(1).exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rvpus7mv.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1688
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES443E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC443D.tmp"
    3⤵
    PID:2056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES443E.tmp

Filesize
1KB

MD5
210a44758bc523c6154a0ec9a8196fcb

SHA1
c51b1ab8dccf19fa4d3bb6cbf4b95b7b4f712381

SHA256
59a59033f70a0f5290d643177d51640574cceab34bb6199d7de794ecc22508df

SHA512
f0cfde59bdf64043e65c8acb0b112162e5b51583b56c44f30088dbffba572f482d8569713b4faf8aeb86855775e77cb981a3daeb9bc3119ddc5f4756bdcdfc78

Download Submit
C:\Users\Admin\AppData\Local\Temp\rvpus7mv.dll

Filesize
76KB

MD5
2a822be3a1817446a45eb2fb0e705fee

SHA1
f9ea0f6b98865d690ec0c436a48893ca78d62fbc

SHA256
455950eda6810783dc5aeef3740cc198b98c3ab2fc22eef5381aaeaf1abd9623

SHA512
7073be0ae3d6dcd54ffacb4cd482e9f79309d10e6650a5312913f878c6e01c969d6e372efca136ed3fa855874d6cbc2a55b061b1a88d4e3b7831e51b7314350f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC443D.tmp

Filesize
676B

MD5
1d28c47ff858fd654c784f3478087739

SHA1
5ec82c8bfbf314f4c5c7fc66c42cb5fdc111f64f

SHA256
e13dced37e4f2b935a729377dc124046dfefba8b263d32a34e3b509ad061a4c9

SHA512
47e3ee986f8351827e92b23989724a07e9fe89e80d9f450a24e470e10cd1942a6d59423340c97ed6c5a0115c6741f5bb2d3829c150528428e6fe265ca9a40693

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rvpus7mv.0.cs

Filesize
208KB

MD5
a0d0e900084863f6b12984145088e73c

SHA1
980a7ad9a0680e5fedf90d1641ae2f2be0c8551f

SHA256
04c503e8aa6bb625790cc65b0544a9245f30d73ef8895147275adda5ee0aee3a

SHA512
aed3cc8b7479b89f75c2b6222772c5644d1d5dd00b1181b7c5ddf1ee78fd21f325599be2a38ef97f080bb8e74db5ecc5b81d960a64cc516a1351892d0ccbd069

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rvpus7mv.cmdline

Filesize
349B

MD5
9260ae3eceb8e1f4a8030fdd4271a590

SHA1
33354302ee7fa7367fdfe8a2eea6f26ff854f6d7

SHA256
37b3122020b7490ffbd331a0fa3aba6a6c9377e0128a12aac720e850e2b33e96

SHA512
a0f55508525cc1b86b064984b87e454ff43e5374b154e0d5ce851b6660364b810e2393042b7e1ad0965eefa74cb51e9c8ffeb7545bd1c144dc2e2c617f5a99ef

Download Submit
memory/1688-21-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/1688-17-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-26-0x000000001C480000-0x000000001C498000-memory.dmp

Filesize
96KB

Download
memory/4508-32-0x000000001E5B0000-0x000000001EB6A000-memory.dmp

Filesize
5.7MB

Download
memory/4508-7-0x000000001C3E0000-0x000000001C47C000-memory.dmp

Filesize
624KB

Download
memory/4508-6-0x000000001BF10000-0x000000001C3DE000-memory.dmp

Filesize
4.8MB

Download
memory/4508-5-0x000000001B800000-0x000000001B80E000-memory.dmp

Filesize
56KB

Download
memory/4508-2-0x000000001B710000-0x000000001B76C000-memory.dmp

Filesize
368KB

Download
memory/4508-23-0x000000001B9F0000-0x000000001BA06000-memory.dmp

Filesize
88KB

Download
memory/4508-1-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-25-0x0000000001190000-0x00000000011A2000-memory.dmp

Filesize
72KB

Download
memory/4508-0-0x00007FFC405A5000-0x00007FFC405A6000-memory.dmp

Filesize
4KB

Download
memory/4508-27-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/4508-28-0x00000000011C0000-0x00000000011C8000-memory.dmp

Filesize
32KB

Download
memory/4508-31-0x000000001D6B0000-0x000000001D712000-memory.dmp

Filesize
392KB

Download
memory/4508-8-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-33-0x000000001EB70000-0x000000001EC60000-memory.dmp

Filesize
960KB

Download
memory/4508-34-0x000000001DA10000-0x000000001DA2E000-memory.dmp

Filesize
120KB

Download
memory/4508-35-0x000000001DA30000-0x000000001DA79000-memory.dmp

Filesize
292KB

Download
memory/4508-36-0x000000001EC70000-0x000000001ECE0000-memory.dmp

Filesize
448KB

Download
memory/4508-37-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-38-0x000000001F000000-0x000000001F13C000-memory.dmp

Filesize
1.2MB

Download
memory/4508-39-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-40-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-41-0x00007FFC405A5000-0x00007FFC405A6000-memory.dmp

Filesize
4KB

Download
memory/4508-42-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-43-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-47-0x000000001CB90000-0x000000001CD0A000-memory.dmp

Filesize
1.5MB

Download
memory/4508-48-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download
memory/4508-49-0x00007FFC402F0000-0x00007FFC40C91000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads