7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
Size

71KB
MD5

a328f600496118fdd048c1129ea8e440
SHA1

98ab8b68a8059e93a6935a5b0e458cf1df80be17
SHA256

7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8
SHA512

b983be700a6e6aa156e67ca411493325d101eb3751d14ffac1bf53b65916ba34a0b5cade7547796905cf3ebdfe5f0d632d20ad3c2f7b7e0a650282e2bc353105
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSPbPs2C4:5JjcF8KfCOcjk+guPVjSPbPZ

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1724-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\nasty teen posing in panties.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\celeb's toes being suck by body-guard.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\sexy bi guys doing a chick together.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\slutty cum babes sharing a dick.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\gay stud giving head and fucking.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\sexy little blonde teasing.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\super sexy blonde showing her pink.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\violent preteen gang bang illegal.mpg.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\hot teeny sucking cock.mpg.pif	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe

C:\Users\Admin\AppData\Local\Temp\7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe
"C:\Users\Admin\AppData\Local\Temp\7451829e844d138c096766aca17c3b761abb1580c27c86fb382c58148aaaf8b8.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1724-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download