Analysis
max time kernel: 28s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 19/10/2022, 18:58
Behavioral task: behavioral1
Sample: d9f739a6773dafb5f54ec4c74a26dbfc027b066a1009c591aad5e31c438d1c41.exe
Resource: win7-20220812-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: d9f739a6773dafb5f54ec4c74a26dbfc027b066a1009c591aad5e31c438d1c41.exe
Resource: win10v2004-20220812-en
3 signatures
150 seconds
General
Target: d9f739a6773dafb5f54ec4c74a26dbfc027b066a1009c591aad5e31c438d1c41.exe
Size: 76KB
MD5: a0acc5a31a50d77838e3caaec324ee20
SHA1: 41de0a3f53d90cce8b85540bcc02f1203e4f39ac
SHA256: d9f739a6773dafb5f54ec4c74a26dbfc027b066a1009c591aad5e31c438d1c41
SHA512: c1632fb697aa0b67abb576862315d7be983b8cea5767c7a16fe4622402cc5ef812e4bef9290e5f13eb1ef1d733b20eb56859cb0936765996df5669a6ddaa9784
SSDEEP: 1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSgwUXvMdLk+s4Dx:5JjcF8KfCOcjk+guPVjSNpJDsM
Score: 8/10
Malware Config
Signatures
resource: behavioral1/memory/1016-54-0x0000000000400000-0x0000000000467000-memory.dmp, yara_rule: upx
resource: behavioral1/memory/1016-55-0x0000000000400000-0x0000000000467000-memory.dmp, yara_rule: upx
resource: behavioral1/memory/1016-56-0x0000000000400000-0x0000000000467000-memory.dmp, yara_rule: upx
Adds Run key to start application (2 TTPs, 1 IoC)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
Process: d9f739a6773dafb5f54ec4c74a26dbfc027b066a1009c591aad5e31c438d1c41.exe
Drops file in System32 directory (33 IoCs)