b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
Size

88KB
MD5

6984ab01970f92c7eed566e85b7ee0c6
SHA1

e09eb8778fd50029338ef4663a5122edc7f16390
SHA256

b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89
SHA512

1f039519de3c3fd344db0787452271996f55d4fefd8e57f8d0e5ce38a806678adbd1b1407d2356eff335989f350b294a80b9d971c903dd9ee671df6a9d4c3e2d
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS2o/wYh7ZbCz1VLIh6khmQhxOb3dX:5JjcF8KfCOcjk+guPVjS2XkCz1VLIhvu

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1204-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1204-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe

Drops file in System32 directory 32 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\amateur orgy at a swinger party.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\bottle blonde tramp sucking a dick dry.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000 win2k password stealer.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\illegal preteen porn anal fisting.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\keyhole unexpected pleasure.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Stealer.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\girl and her new vibrator.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\honie displaying raw pink ass.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\super sexy blonde showing her pink.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\cum hungry teen in action.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\horny ass licking lesbians.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\couple babes getting off with well hung dude.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\3 teen blonde babes chin deep in pussy sauce.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\genuine indian slut posing.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
File created	C:\Windows\SysWOW64\macromd\fat grannies action.mpg.pif	b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe

C:\Users\Admin\AppData\Local\Temp\b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe
"C:\Users\Admin\AppData\Local\Temp\b6c83dda5870f34fd5ee3be37a8e766cd8789294e5f9b803e915538be1acae89.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1204-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download