1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef

Analysis

max time kernel
15s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
Size

70KB
MD5

a1a8c79727c1fc3c35068316c51d23d0
SHA1

652d82c3a88d876e50e3f1bca4e2850224a6a7cf
SHA256

1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef
SHA512

de9900ca1c4c3446ad2cb75f7e951478c8b77bb4ad00ec26a438204ae5f6526a39effa3ad3e5e1f0a2d8ea20b5190185303c5602180933538a1e1011172cd512
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSQj3q:5JjcF8KfCOcjk+guPVjSQja

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1900-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1900-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\pretty babe sucking cock on bed.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\asian slut with puffy exotic lips.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\beautiful babes extending love and compassion.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\two plain lonely looking lesbians.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\little dicks on gay male tricks.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\wild hoe showing spreading the pink.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\dude getting off in lover's mouth at party.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\hardcored blonde mature.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\sweet teen lesbians licking snatch.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\momma's juggs that make you scream for mercy.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\fat grannies action.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\an ebony shemale showing her hose.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\nasty chick in hardcore fucking.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde chick riding cock.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
File created	C:\Windows\SysWOW64\macromd\babes with great lips that knows how suck cock.mpg.pif	1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe

C:\Users\Admin\AppData\Local\Temp\1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe
"C:\Users\Admin\AppData\Local\Temp\1b8a7aa9d6ad2bf4f3e063bd4be538b57db98466b1132a08dda1bd2e92d36aef.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1900-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download