fd7b4bd6e2e95630ea448de85997b7ce5a322118b41d008501c5de608d22f24d

Analysis

max time kernel
11s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08-07-2024 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Galaxy Swapper Keygen.exe
Size

2.0MB
MD5

b920b1b707d9887034e5f0b04c50ebe5
SHA1

a08de84deeca9b3ad88ae7e54f7bd934416bf0ba
SHA256

33e07e5231fcfe47bb9ff19cb178f2df60c255c7e9ac45f7f661e29509af4080
SHA512

9e5a438e57996b6638ca6ef0b4c1bbe61a50e186ec6e05c3f1d316ba1accf170f9019514e31fe24d4ceeae67debfe9ae22aa16d2c7b2b6cbb711a527921cea30
SSDEEP

49152:yCZvr4pItkzQqc5jlGYC+vdSKmlcs0YrWt0Mh/Qo16:BR1hqINC+vdsWtBD

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

Galaxy Swapper Keygen.exe

description	pid	process	target process
PID 1788 wrote to memory of 2148	1788	Galaxy Swapper Keygen.exe	cmd.exe
PID 1788 wrote to memory of 2148	1788	Galaxy Swapper Keygen.exe	cmd.exe
PID 1788 wrote to memory of 2148	1788	Galaxy Swapper Keygen.exe	cmd.exe
PID 1788 wrote to memory of 1648	1788	Galaxy Swapper Keygen.exe	Galaxy Swapper Keygen.exe
PID 1788 wrote to memory of 1648	1788	Galaxy Swapper Keygen.exe	Galaxy Swapper Keygen.exe
PID 1788 wrote to memory of 1648	1788	Galaxy Swapper Keygen.exe	Galaxy Swapper Keygen.exe

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1788

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
2⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
2⤵
PID:1648

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
3⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
3⤵
PID:4508

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
4⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
4⤵
PID:3608

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
5⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
5⤵
PID:2196

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
6⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
6⤵
PID:2716

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
7⤵
PID:4776

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
8⤵
PID:1440

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
9⤵
PID:3032

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
10⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
10⤵
PID:476

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
11⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
11⤵
PID:2280

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
12⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
12⤵
PID:3200

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
13⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
13⤵
PID:4912

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
14⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
14⤵
PID:5032

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
15⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
15⤵
PID:1080

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
16⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
16⤵
PID:4744

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
17⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
17⤵
PID:4524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
18⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
18⤵
PID:4076

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
19⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
19⤵
PID:3176

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
20⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
20⤵
PID:4272

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
21⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
21⤵
PID:5040

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
22⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
22⤵
PID:392

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
23⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
23⤵
PID:4436

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
24⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
24⤵
PID:4620

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
25⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
25⤵
PID:3476

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
26⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
26⤵
PID:3268

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
27⤵
PID:124

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
27⤵
PID:1240

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
28⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
28⤵
PID:4492

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
29⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
29⤵
PID:1136

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
30⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
30⤵
PID:4496

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
31⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
31⤵
PID:4868

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
32⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
32⤵
PID:2100

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
33⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
33⤵
PID:2964

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
34⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
34⤵
PID:2080

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
35⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
35⤵
PID:3048

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
36⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
36⤵
PID:1748

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
37⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
37⤵
PID:2832

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
38⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
38⤵
PID:2368

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
39⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
39⤵
PID:2400

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
40⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
40⤵
PID:3828

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
41⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
41⤵
PID:3748

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
42⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
42⤵
PID:4700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
43⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
43⤵
PID:2444

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
44⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
44⤵
PID:692

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
45⤵
PID:124

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
45⤵
PID:4480

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
46⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
46⤵
PID:2052

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
47⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
47⤵
PID:4824

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WizClient.bat" "
48⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper Keygen.exe"
48⤵
PID:1652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WizClient.bat

Filesize
395KB

MD5
f648a3808707ec58ae00f082ac787b6b

SHA1
55ae98650074783346b5de7e9d069b191277a297

SHA256
a567eb6b80ef0dbeda64cfdc1ed0879f4367cfaca137b5cd66b173716282f2b1

SHA512
9fe7e9203532df159a23c06d71a9e95ec7a06102e266f355fed35fd8eea4caefd8ccd8d021495269df2801b020e1399bb8bf818d98f327d4527bc3d28c609e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WizClient.bat

Filesize
128KB

MD5
ca1fc405789825b5a8bf99c683e11819

SHA1
af8b7b6af71612b2a9f354322c6e462ce5c2d7b3

SHA256
faf68b352e623efc9a818e969e0c304a456185b73ed2e0071f027948300a138d

SHA512
9cf63cc1d7016f5c9ffbb8924373242b29a73dbd1042adb375f960bf04549a3ab5506f18c4e947d2a6a516e348fa4d90275603d5a38325825654dbfe1e4b486c

Download Submit