606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365

Analysis

max time kernel
112s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
Size

80KB
MD5

a2c271c49037ddd7e9b8a8f520b42020
SHA1

5d5d0e4a540d277fa62d611d45e7eda122bedb90
SHA256

606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365
SHA512

6d6af13b3302136d8c62e0a71228eeaf3af92d8bced28bd90ab50222738598c30b7790ea5d2a4f8db4efca2ffa373b933f5c4d509a7cec1c70c54e13c13916e1
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSgcXRf2em4QH4q:5JjcF8KfCOcjk+guPVjSFXV2SK4q

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4356-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/4356-133-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winxcfg.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\horny asian warming her finger in her gash.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\amateur getting off in the mirror.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\robin throating and fucking.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\babes with great lips that knows how suck cock.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\plump brunette using her finger.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\babe leading pussy-whipped stud around by her cunt.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\aunt and nephew doing the nasty.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\kinky banana in pussy.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\honie with thick ass spreading her money maker.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\dedicated honie giving dude a helping hand and head.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\both holes fucked by a massive fucking machin.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\yahoo hacker.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading extremely hot ass and furball.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\old fucker punishing teeny.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson naked.mpg.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\kitty-cat with horny beaver that needs licking.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\honie with a ka-boom hot ass and delicious cunt.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe

C:\Users\Admin\AppData\Local\Temp\606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe
"C:\Users\Admin\AppData\Local\Temp\606c068a914d8117a224af4e5d202f18bcc46ca8e14b36127aef639ea1abc365.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4356-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4356-133-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download