32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0

Analysis

max time kernel
33s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
Size

74KB
MD5

e3c295f61bac9939b34ddd3f8065829d
SHA1

990372d4269551a3bb1ca6429c7285056d3c1e37
SHA256

32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0
SHA512

f77256f1e936e6e187fa628238b2e413f1c85f1047312b232640b7ebc5174cf0fa57c72e45473506df66231973bea9ac8616f38f7cd5e82ba279e2f29d75308e
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSBeOAunSpdAV9:5JjcF8KfCOcjk+guPVjSBrA5yP

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/892-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/892-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\busty asian with big lips.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\ass ripping interracial fuckin.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\yahoo hacker.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\babe with dick stuck between her ass cheeks.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\brunette fucking in bedroom with boyfriend.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\sexy little blonde teasing.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\asian slut with puffy exotic lips.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\sexy star kate hudson nude.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\Cable Modem Uncapper.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\gangbang tryout with young slut and two studs.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\nymph enjoys fisting all the way to the elbow.mpg.pif	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe

C:\Users\Admin\AppData\Local\Temp\32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe
"C:\Users\Admin\AppData\Local\Temp\32b2a6b400e3fc3b8a031cb1a7cdfc69be30997ae024bebf569977d914844cf0.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/892-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download