abac9b724c6d13aa90b5484b7c424c1505f9f7d58504954bb3ed9b718a448991

Analysis

max time kernel
30s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trojan/4.exe
Size

89KB
MD5

ff0378ea8f209c085c4ff00b67ef23fa
SHA1

187fc7cc78740db57c1dc0bd9a2fa017c9160f1f
SHA256

885b63ca1d23550c56d34a5a5195bba4cc21c59f7161d38781eb2cd85aee0bbb
SHA512

f819e0f1b01232de9ba773a308aba2791ad75033122b1866bff94357c05f55bacaae17c15f607218ffeba8ab77c23faef92061d076fe6cfbf4def251bfd2d184

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral9/memory/552-54-0x0000000000400000-0x0000000000464000-memory.dmp	upx
behavioral9/memory/552-55-0x0000000000400000-0x0000000000464000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

4.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	4.exe

Drops file in System32 directory 27 IoCs

Processes:

4.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	4.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	4.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\12 year old forced rape cum.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif	4.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	4.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	4.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	4.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	4.exe

C:\Users\Admin\AppData\Local\Temp\trojan\4.exe
"C:\Users\Admin\AppData\Local\Temp\trojan\4.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:552

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/552-54-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/552-55-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads