d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3

Analysis

max time kernel
87s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 00:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
Size

90KB
MD5

027e951ac08c096f5bf1090779d8ec10
SHA1

658253b47708fe1a5c198b171a2e05871b26eb37
SHA256

d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3
SHA512

0ca3f648429b79f103eec94dd54e1ec4fcf3d44543c171e61222ed1efc90fc94d4e98ec25ee02e88bdb3757c31e438e5e383d702a333575fb4a083c26fd083be
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS6KhyM1IzUOOGTJPiuiJ6JBN:5JjcF8KfCOcjk+guPVjS62yUIiGTJPim

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4976-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/4976-133-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\pigtail black babe with pretty boy.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\leggy babe posing in pink panties.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\nymph enjoys fisting all the way to the elbow.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\trailor tramp pissing for you.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\old man fucking young blonde teen.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\older blonde showing she has the goods.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\blowjob girl getting a sloppy facial.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\gay guy with a screwing machine.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\some twink ass rippers.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\tiny girl opening hole in crazy wish of cock.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\dude getting off in lover's mouth at party.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\patricia arquette showing her tits.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\hot teeny sucking cock.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
File created	C:\Windows\SysWOW64\macromd\lesbian strapon dildo entertainments.mpg.pif	d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe

C:\Users\Admin\AppData\Local\Temp\d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe
"C:\Users\Admin\AppData\Local\Temp\d770f120e001963da99178a4a15de0a217369168da5da58b93e81a631b4721c3.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4976-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4976-133-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download