94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
Size

80KB
MD5

a217d4f3f593cf3c88fae15be6819570
SHA1

042678e98887244ad04ef0bc135c540b825a4898
SHA256

94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a
SHA512

7d71d6ed40d6cb43f21d428cdad11343b6c78324feb0e4dc5df89bf4663bde1f131fa5cb9f1791c4717fd0e257305743fbf94aa847d7eeaee73bd2f986c5f9e5
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSu7A0IYDDRw/z26/Htd:5JjcF8KfCOcjk+guPVjSWA0IYYzd

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1960-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1960-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\brutal preteen porn xxx.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\babes getting facials and riding cocks.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\pigtail black babe with pretty boy.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\hot anita blonde doing lesbo.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\amateur getting off in the mirror.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\Nokia Unloker (most models).exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\horny ass licking lesbians.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\spying on gals in toilet.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\two dudes comparing dick sizes.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\honie displaying raw pink ass.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\prego housewifes large hole .mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\nice facial cumshot for slut.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\little dicks on gay male tricks.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\old man fucking young blonde teen.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
File created	C:\Windows\SysWOW64\macromd\lesbians lickin and toying.mpg.pif	94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe

C:\Users\Admin\AppData\Local\Temp\94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe
"C:\Users\Admin\AppData\Local\Temp\94213d05063a6bf60c8e35e41c87f44008483086975f9ea6458c6a847a85e21a.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1960-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download