515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f

General

Target

my_penis_is_hard.lol(1).exe
Size

903KB
MD5

2ddc3374433159b00c6a9e5f43e2cd82
SHA1

b712be05de623818c6ed708500dc35f225155e59
SHA256

515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f
SHA512

a7d9367e553476bfe9d43bb28add4f70d7e115f4575664f2d903a544c685b2c3a2d26d5279fdd873f71ccb81fcb7b6f39791216262d1326f1043ced49cd9da9c
SSDEEP

12288:JTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawalBa2Ley+trZNrI0AilFEvxHvB3:JqI4MROxnF7ay6rZlI0AilFEvxHiAl

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	my_penis_is_hard.lol(1).exe
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3968	my_penis_is_hard.lol(1).exe
Token: 33	4744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4744	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 2856	3968	my_penis_is_hard.lol(1).exe	72
PID 3968 wrote to memory of 2856	3968	my_penis_is_hard.lol(1).exe	72
PID 2856 wrote to memory of 2916	2856	csc.exe	74
PID 2856 wrote to memory of 2916	2856	csc.exe	74

C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol(1).exe
"C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol(1).exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ugzyguxc.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDD90.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCDD8F.tmp"
    3⤵
    PID:2916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESDD90.tmp

Filesize
1KB

MD5
3bc1e5b7f00ba19bbea7697df1c3a32d

SHA1
a8a01753168c2f497fb3029487a601c22f326f5a

SHA256
7fd20b2507bdbe466ace4e6a4171517681d31a6958d28289fd93aeb897e19aff

SHA512
9de22239bf15901faa4807bf9b79f62fd5b25836a2613c59c3152aca07079836f6fda3c96fb89c58f9b85fd603517ab8065158cc228729ab860c8d940f3df6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ugzyguxc.dll

Filesize
76KB

MD5
e9b7462ad354201e99f0f116896a3248

SHA1
1a5b6f2279f986e2db1ab123739c5f0e2e15a9d6

SHA256
29bceae71675ebd2b093661c122a8d4e9758af4dda3fd26b4997b21babb07526

SHA512
803a65b3aa852ee06d90206b944a05741c89db491d302fbc5a79378c4356262b5c5720f80c84ca922dc0ffb651527bffc5a2a7077b7d0e9f1e9bbb7ad70152de

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCDD8F.tmp

Filesize
676B

MD5
eab6c1e9ff52abf6db632bbb4441ec12

SHA1
45259929feda489ea49b9b8629bfbdbae333e17a

SHA256
cd481fe09ed5ae34430b52ad38a7fdbe8c9bc3a545b8297568308c4c6a06aa7b

SHA512
f53050feccd11afdc8003b3fd03538831ea67d83ff014efde3ce35284808b6215b0be1d6642ead1eba079c6a7a3f0d7939c92ebe1583264eee558f32bda16640

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ugzyguxc.0.cs

Filesize
208KB

MD5
56dc9dc34ae9a00faeae6dc62bdd0cb7

SHA1
bcf5e6d9d28105a656f41d00ef05ee2c389fe7a3

SHA256
3f6368a35155da5c68cc09f7bf8431f4060ab71d459a93e7997b678d3a18d198

SHA512
6ad11166b9e920d215477b0791d29fe02633a415753fff198330c141e33955549aa975c609f414bebfe9c5c15f691519f4cf2cd0c400ac1d4ae5e11444d26954

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ugzyguxc.cmdline

Filesize
349B

MD5
2b97152a951e82be6cf0db5413b432ec

SHA1
fe721a6ff4c37773b1550939b4b89bdbe5cc72f9

SHA256
3323cf7838c230e6c76ee4b3ffa9a480d2584e9fbc3fc640c7c0442359e1f878

SHA512
6b10020a604809392d03b1ee6a00fb75e23a3a2348f6122b12da8dcc7fffb0596579c6c80bf600fcf1faf1a7dccf6f219c369f20856f06f7f7702591faa027b3

Download Submit
memory/2856-21-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/2856-20-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-28-0x00000000012E0000-0x00000000012E8000-memory.dmp

Filesize
32KB

Download
memory/3968-34-0x000000001D4D0000-0x000000001D532000-memory.dmp

Filesize
392KB

Download
memory/3968-7-0x000000001BF40000-0x000000001C40E000-memory.dmp

Filesize
4.8MB

Download
memory/3968-6-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-5-0x000000001BA20000-0x000000001BA2E000-memory.dmp

Filesize
56KB

Download
memory/3968-23-0x000000001C950000-0x000000001C966000-memory.dmp

Filesize
88KB

Download
memory/3968-2-0x000000001B8B0000-0x000000001B90C000-memory.dmp

Filesize
368KB

Download
memory/3968-1-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-25-0x00000000012B0000-0x00000000012C2000-memory.dmp

Filesize
72KB

Download
memory/3968-26-0x000000001CB80000-0x000000001CB98000-memory.dmp

Filesize
96KB

Download
memory/3968-27-0x0000000001280000-0x0000000001290000-memory.dmp

Filesize
64KB

Download
memory/3968-0-0x00007FF992A75000-0x00007FF992A76000-memory.dmp

Filesize
4KB

Download
memory/3968-29-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-30-0x00007FF992A75000-0x00007FF992A76000-memory.dmp

Filesize
4KB

Download
memory/3968-31-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-8-0x000000001C4B0000-0x000000001C54C000-memory.dmp

Filesize
624KB

Download
memory/3968-35-0x000000001E7B0000-0x000000001ED6A000-memory.dmp

Filesize
5.7MB

Download
memory/3968-36-0x000000001EE60000-0x000000001EF50000-memory.dmp

Filesize
960KB

Download
memory/3968-37-0x000000001D5A0000-0x000000001D5BE000-memory.dmp

Filesize
120KB

Download
memory/3968-38-0x000000001DB30000-0x000000001DB79000-memory.dmp

Filesize
292KB

Download
memory/3968-39-0x000000001EF50000-0x000000001EFC0000-memory.dmp

Filesize
448KB

Download
memory/3968-40-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-41-0x000000001F200000-0x000000001F33C000-memory.dmp

Filesize
1.2MB

Download
memory/3968-42-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-43-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-44-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-48-0x0000000000F60000-0x00000000010DA000-memory.dmp

Filesize
1.5MB

Download
memory/3968-49-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download
memory/3968-52-0x00007FF9927C0000-0x00007FF993160000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads