82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
Size

71KB
MD5

a1536a0adb8c0c08610857e8ff67dba0
SHA1

87be985d23a81f8a0f62eec1006d0b3cf8368d0d
SHA256

82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8
SHA512

02bb2e45187fb4ea3d2c395b2942ff2f9c7df9c803c40e4d980234461e135965c6dca4da484a5e697bf9dd1ddeb0f7262065e874743c0aa3be5caa78039a1708
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSoUhWqv3O:5JjcF8KfCOcjk+guPVjSoGve

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1676-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1676-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\cute young tart on a lucky dudes cum shooter.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\sexy babe drinking hot jizz load.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\MSN Flooder.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\strange asian ass odyssey.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\pornstar aria giovanni .mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde fucking and sucking cum.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\babes with an assortment of delicious big juggs.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\babe with dick stuck between her ass cheeks.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\hot babe showing her pussy and wanting a stiff cock.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\blonde showing her pussy to her neighbor.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\amateur getting off in the mirror.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
File created	C:\Windows\SysWOW64\macromd\blowjob girl getting a sloppy facial.mpg.pif	82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe

C:\Users\Admin\AppData\Local\Temp\82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe
"C:\Users\Admin\AppData\Local\Temp\82813f5653c422e047269ee893c9df756873dd8df5f2877c8dcf26fdda76e7c8.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1676-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download