b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66

Analysis

max time kernel
35s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 16:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
Size

155KB
MD5

03cde9eba4591afb7e702f23038c6060
SHA1

e6d0650321440996f041e754c1aa9dbffd937956
SHA256

b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66
SHA512

c30eef59777db85693179eea4d05303d020cf0ce1470e73033dd871f0d7dfcedf43a791ee54c8517c9360cffe19ea71dfb86677e8bf25e0751c431729aeb06bc
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moe+2TCHaq:aM7jJlRexYTHYZMrg

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\amateur slut with a huge gun.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\bad gal being tied and bound.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\both holes fucked by a massive fucking machin.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\shanks who serve up smelly pootang.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\twink stroking his butt plugger.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\hot slut with a big dildo.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\some hard sucking and fucking babes.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\drunk babes sharing a dick.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\black girl gets dildo wet.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\holes fisting to the breaking point.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - bailey short skirt.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe

C:\Users\Admin\AppData\Local\Temp\b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
"C:\Users\Admin\AppData\Local\Temp\b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads