6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
Size

71KB
MD5

a16d8ef88c8b659d4fc6e58c433f46c0
SHA1

6bc23f05d46ee388d2f3860612d7f6fa7f2fa496
SHA256

6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61
SHA512

d1e47e03fc187e274b9932e368e63a1159d823cc56b32640f2dce8a462e290d82c36c82a7136f95ceb50c80497c56399174016766f852eecf2c4ba01ae7bed2b
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSSbTvlsGZ:5JjcF8KfCOcjk+guPVjSSHRZ

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1792-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1792-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\babe leading pussy-whipped stud around by her cunt.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
File created	C:\Windows\SysWOW64\macromd\nasty slut sucking huge cock.mpg.pif	6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe

C:\Users\Admin\AppData\Local\Temp\6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe
"C:\Users\Admin\AppData\Local\Temp\6085d76d6630b2a10e234914c570312d576e77cab13b843b2282a520ec465a61.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1792-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1792-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download