65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 10:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
Size

94KB
MD5

a32a4fa6a940ca29dfe7e299045c22b0
SHA1

98a86b9777be40ac614d2dd963a2288db8646c44
SHA256

65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4
SHA512

8a5e12656632fbb7c56649c37067fe0213f91b34fc77074f842570ac776fba1b1aa747f6978638ed43cb2dc6fbf6f7829557f136a3391e204892541548bd652a
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSttfQoxshireSXhV8XqjqMivekh4P:5JjcF8KfCOcjk+guPVjSzQox8bS1qNm3

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4936-135-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/4936-136-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\little dicks on gay male tricks.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\sexy brunette showing her bod outside the house.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\cock forced in some slut mouth.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\babe enjoys juicy cumshot.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\lesbian strapon dildo entertainments.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\divx pro.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\krystal steal getting her bald clam filled.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\babe leading pussy-whipped stud around by her cunt.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\twink stroking his butt plugger.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\Nokia Unloker (most models).exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\jessica shows us her fat fisting.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\Cable Modem Uncapper.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\first time anal and she loves it.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\schoolgirl deep sucking some cock.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\cum hungry teen in action.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\some twink ass rippers.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
File created	C:\Windows\SysWOW64\macromd\2 horny babes doing 1 lucky dude.mpg.pif	65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe

C:\Users\Admin\AppData\Local\Temp\65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe
"C:\Users\Admin\AppData\Local\Temp\65fc0c61929ef23ac46b491309535010020b7103e096a08350ef3ceb9682bfa4.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4936-135-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4936-136-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download