be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b

Analysis

max time kernel
27s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 21:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
Size

89KB
MD5

a392a33d3d1129e8ac270e1ba2c99bf0
SHA1

5d0bcd8da582acf041210954f34da3d75e7bbdac
SHA256

be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b
SHA512

ea0fab96b0f8b60cbb8cf7004b8ae1d026485af5a1ba2a3f5fbd3dc0c1e44351670f9892da9c1863a0c875fbc3fe10d0b8e44deae68c0f3a992c25deea975b64
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS9kX+XiW25Cmt+gXQFGT0:5JjcF8KfCOcjk+guPVjSk+XiWhm4MQFh

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1776-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1776-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Play Games Online For FREE.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\spying on gals in toilet.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\blonde sucking and fucks outdoor.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Stealer.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\asian girls stuffed mouth shots.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\gay guy with a screwing machine.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\lusty teen peeing in backyard.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde fucking and sucking cum.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\trio having hardcore fucking fun.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\old man fucking young blonde teen.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\hot anal sex for the first time ever.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\two dudes comparing dick sizes.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\nasty naked hentai hoes teasing.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\hot girls who like cock but eat lots of pussy.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\sexy amatures sucking whole bag.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
File created	C:\Windows\SysWOW64\macromd\honie with a ka-boom hot ass and delicious cunt.mpg.pif	be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe

C:\Users\Admin\AppData\Local\Temp\be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe
"C:\Users\Admin\AppData\Local\Temp\be5618e902ef9c41d612ef391a8f706f0d832d9628425e4d2edd59cb2c64001b.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1776-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1776-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download