b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66

Analysis

max time kernel
149s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 16:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
Size

155KB
MD5

03cde9eba4591afb7e702f23038c6060
SHA1

e6d0650321440996f041e754c1aa9dbffd937956
SHA256

b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66
SHA512

c30eef59777db85693179eea4d05303d020cf0ce1470e73033dd871f0d7dfcedf43a791ee54c8517c9360cffe19ea71dfb86677e8bf25e0751c431729aeb06bc
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08Moe+2TCHaq:aM7jJlRexYTHYZMrg

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\asian studys how to strip.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\fistfucking and how ide it goes.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\cock forced in some slut mouth.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\some painfully deep fist insertions.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\busty ebony girl showing shaved pus.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Stealer.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde fucking and sucking cum.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe

C:\Users\Admin\AppData\Local\Temp\b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe
"C:\Users\Admin\AppData\Local\Temp\b9883a56c20cbe71d7c0519b9736fe6ae35dabd2c13ba33a9255f78f5a556f66.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads