Analysis
max time kernel: 75s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-10-2022 18:14
Behavioral task: behavioral1
Sample: 8d32c82a8cf6f40db056ab3ce893fb6d14e47f76f7cbce7dfd84397b3378dc2a.exe
Resource: win7-20220812-en, windows7-x64
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: 8d32c82a8cf6f40db056ab3ce893fb6d14e47f76f7cbce7dfd84397b3378dc2a.exe
Resource: win10v2004-20220812-en, windows10-2004-x64
3 signatures
150 seconds
General
Target: 8d32c82a8cf6f40db056ab3ce893fb6d14e47f76f7cbce7dfd84397b3378dc2a.exe
Size: 70KB
MD5: a01a20bfeccd12bf2e257d2930ebb6c0
SHA1: d48e3ce6e0cbd253873d7b287e5f705d663d3b8e
SHA256: 8d32c82a8cf6f40db056ab3ce893fb6d14e47f76f7cbce7dfd84397b3378dc2a
SHA512: df2337d2f55a78f673ab5881dc1ecc02371056c24416c7678c33b6f164d534ecaeae6ba40e15f9ed2aa43b316fae2941732a467a865d15f32be57cb89536e34b
SSDEEP: 1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSQ3+Q3:5JjcF8KfCOcjk+guPVjSQ3+Q3
Score: 8/10
Malware Config
Signatures
resource  yara_rule
behavioral2/memory/4796-132-0x0000000000400000-0x0000000000467000-memory.dmp  upx
behavioral2/memory/4796-133-0x0000000000400000-0x0000000000467000-memory.dmp  upx
behavioral2/memory/4796-134-0x0000000000400000-0x0000000000467000-memory.dmp  upx
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
Process: 8d32c82a8cf6f40db056ab3ce893fb6d14e47f76f7cbce7dfd84397b3378dc2a.exe
Drops file in System32 directory 33 IoCs