623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe

Analysis

max time kernel
31s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
Size

74KB
MD5

a0206ce06c7e5fc0cd7a4cb82331ad80
SHA1

022f7155cd1d09d2c383efd8f0c0b869c7789ca4
SHA256

623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe
SHA512

cbe84820bf17f6e086571797a17a3e443e0b16fc68e986902f271065645201fa0c6593bd35a9385119ea6cdec63674ca2e1ce5663dcf05ed2b9b0b4470d3466b
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSTm7xSwA:5JjcF8KfCOcjk+guPVjSTbwA

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1200-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1200-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\babes getting facials and riding cocks.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\nice facial cumshot for slut.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\blonde babe handfucking herself.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\kitty-cat with horny beaver that needs licking.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\leggy babe posing in pink panties.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\fun slut who let dude eat her off in jacuzzi.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\amateur swinger babe sucking on a couple of cocks.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\gangbang tryout with young slut and two studs.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\senior blonde fucking and suckin like a teen.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\slutty japanese babe giving blowjob.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\shy teen draining the juice from 2 cocks.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\hot slut with a big dildo.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\gay guy with a screwing machine.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe

C:\Users\Admin\AppData\Local\Temp\623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe
"C:\Users\Admin\AppData\Local\Temp\623501f90c136570e1ba535752f4175be32ac3ddb35cef3995d492594aefe5fe.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1200-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1200-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download