515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f

General

Target

my_penis_is_hard.lol(1).exe
Size

903KB
MD5

2ddc3374433159b00c6a9e5f43e2cd82
SHA1

b712be05de623818c6ed708500dc35f225155e59
SHA256

515127d9f53fa203f3ba9cb7b7b4d1cda211294cd80254cb9954e3d7462d309f
SHA512

a7d9367e553476bfe9d43bb28add4f70d7e115f4575664f2d903a544c685b2c3a2d26d5279fdd873f71ccb81fcb7b6f39791216262d1326f1043ced49cd9da9c
SSDEEP

12288:JTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawalBa2Ley+trZNrI0AilFEvxHvB3:JqI4MROxnF7ay6rZlI0AilFEvxHiAl

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	my_penis_is_hard.lol(1).exe
File created	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe
File opened for modification	C:\Windows\assembly\Desktop.ini	my_penis_is_hard.lol(1).exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1572	my_penis_is_hard.lol(1).exe
Token: 33	2932	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2932	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 2832	1572	my_penis_is_hard.lol(1).exe	91
PID 1572 wrote to memory of 2832	1572	my_penis_is_hard.lol(1).exe	91
PID 2832 wrote to memory of 3060	2832	csc.exe	93
PID 2832 wrote to memory of 3060	2832	csc.exe	93

C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol(1).exe
"C:\Users\Admin\AppData\Local\Temp\my_penis_is_hard.lol(1).exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nl0f2wea.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC63F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC63E.tmp"
    3⤵
    PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3812 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5044 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESC63F.tmp

Filesize
1KB

MD5
4da63fb6822741bfdb829e7aa91dd62b

SHA1
8ace2279d0baf2d4e3ca3422e0f2fc171f66250c

SHA256
202715211615788b7b0535d9961f3c321e15c7687448c2ef165a97c8cfa324fc

SHA512
cc5c83d786b61abfccdf790998cfe56536631c4140e54e176030d5046f0bdba2a6392562b25e10db81e55ee086846fbf3e86f02c136b1d632c436fff608e2932

Download Submit
C:\Users\Admin\AppData\Local\Temp\nl0f2wea.dll

Filesize
76KB

MD5
a2a4c3257d3b8ed38cc2e85dff69c2b7

SHA1
ad4ae3395e12cd71d0e9fd9edc78b13194dacc0c

SHA256
4fe99f26d1e4a2faf55c78a0cc0107d0fe4131b6665b11cdc4124e36961f1b9e

SHA512
8b809779f5e8e88dc02d44dc42d8ee7f20bc1c6167f645b94ebeb46c54f978f335bc566e15bbd4b0edf7b0d2c969c026e43ba45c3756b158a29ddda37e8495a1

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCC63E.tmp

Filesize
676B

MD5
82aac654ea668158c05222ac62841d10

SHA1
c9d9f8703994231865ee505448e4fb42c05759b1

SHA256
353b48fb7637959a69f127c6bc9ff443900fd8ac049d970b4156f0adc46b8306

SHA512
cdf9c1ad6f61652947ebebc5bec701ee7b2e8ef49365c8449d8b2d29f24151dce958e243b88713fc63c82f7c97f514517d805a35bc0bcceb81078a7aafe5208a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\nl0f2wea.0.cs

Filesize
208KB

MD5
c0aae5cbb0e9da4a9a317031bf9811d0

SHA1
4db2a949ede1ed512ac2ab3008771db4969dea55

SHA256
373c711c9f0e9bbfcbfc79ffd78f9ca38fe18116f9dfc736b5be1f5a7bb3a433

SHA512
73801ed686e7172b9ecc9dd4bb0d14010fd0231686af7f58c3677b475af7a85e4c56324f2b65ded0e7252c435510357ce7de3a1b760a509a4e36a16d2f3d95c7

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\nl0f2wea.cmdline

Filesize
349B

MD5
9d32efbc70ca9c321da65c9fe0a3845f

SHA1
65b640e1bbcdb93ef8d26afd3edb241b3c90f531

SHA256
b453a6fb626493fd4242cd32fb00904652974c83725b8f66967a24d1aa3e5a73

SHA512
50d060d68c4d8e3bde1378de978c4db7dd7f85aa1cd081ad052c337b9d9e3eda7df831324a5063c2fdafe66fee04c1c2e6464f207e7d65e7cdfe63b7b1aea38b

Download Submit
memory/1572-39-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-30-0x00007FFE945F5000-0x00007FFE945F6000-memory.dmp

Filesize
4KB

Download
memory/1572-7-0x000000001C3C0000-0x000000001C88E000-memory.dmp

Filesize
4.8MB

Download
memory/1572-6-0x000000001BEE0000-0x000000001BEEE000-memory.dmp

Filesize
56KB

Download
memory/1572-50-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-3-0x000000001BD20000-0x000000001BD7C000-memory.dmp

Filesize
368KB

Download
memory/1572-2-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-49-0x0000000021550000-0x0000000021686000-memory.dmp

Filesize
1.2MB

Download
memory/1572-1-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-23-0x000000001CFF0000-0x000000001D006000-memory.dmp

Filesize
88KB

Download
memory/1572-25-0x000000001BC40000-0x000000001BC52000-memory.dmp

Filesize
72KB

Download
memory/1572-26-0x000000001D020000-0x000000001D038000-memory.dmp

Filesize
96KB

Download
memory/1572-27-0x0000000001690000-0x00000000016A0000-memory.dmp

Filesize
64KB

Download
memory/1572-28-0x00000000016D0000-0x00000000016D8000-memory.dmp

Filesize
32KB

Download
memory/1572-29-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-8-0x000000001C930000-0x000000001C9CC000-memory.dmp

Filesize
624KB

Download
memory/1572-31-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-34-0x000000001DCC0000-0x000000001DD22000-memory.dmp

Filesize
392KB

Download
memory/1572-35-0x000000001E950000-0x000000001EF0A000-memory.dmp

Filesize
5.7MB

Download
memory/1572-36-0x000000001EF10000-0x000000001F000000-memory.dmp

Filesize
960KB

Download
memory/1572-37-0x000000001DDD0000-0x000000001DDEE000-memory.dmp

Filesize
120KB

Download
memory/1572-38-0x000000001DE00000-0x000000001DE49000-memory.dmp

Filesize
292KB

Download
memory/1572-0-0x00007FFE945F5000-0x00007FFE945F6000-memory.dmp

Filesize
4KB

Download
memory/1572-40-0x000000001F0B0000-0x000000001F120000-memory.dmp

Filesize
448KB

Download
memory/1572-41-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-42-0x000000001F3D0000-0x000000001F50C000-memory.dmp

Filesize
1.2MB

Download
memory/1572-43-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-46-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/1572-48-0x000000001F710000-0x000000001F88A000-memory.dmp

Filesize
1.5MB

Download
memory/2832-21-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download
memory/2832-14-0x00007FFE94340000-0x00007FFE94CE1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads