12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a

Analysis

max time kernel
29s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
Size

87KB
MD5

a18015ec4255f648ac2a3bdce1aad1c0
SHA1

b147955c5942bc582792393863d25c32ac535cd8
SHA256

12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a
SHA512

66c679d940098da64516d96ccd5ee5f7b2b84f79b9905731044011edbb209fab790e272c6cf75cc1dc43dacfde1aca0d273e86b18a4d45b44271e16e5ff67620
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS7ph1kF8hUvq6pEt:5JjcF8KfCOcjk+guPVjS7phWFYU4t

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1028-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1028-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1028-56-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\blonde showing her pussy to her neighbor.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\sexy blonde teasing pussy.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\babe leading pussy-whipped stud around by her cunt.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\2 horny babes doing 1 lucky dude.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut with a huge gun.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\two hot college girl fucking in class.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\Windows 2000.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\macromd\uptown girl with great ass that should be illegal.mpg.pif	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe

C:\Users\Admin\AppData\Local\Temp\12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe
"C:\Users\Admin\AppData\Local\Temp\12d15034036531c547a3e1e399c6a59b18ee7c0173656f100363fa6ca53fed4a.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1028-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1028-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1028-56-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download