3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451

Analysis

max time kernel
95s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
Size

89KB
MD5

a30954b1b1ecc664d2cd536d74245e90
SHA1

a33fbaf85d73d5d6dddd19826a7cb274777960ed
SHA256

3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451
SHA512

d745d505a1777ba38fc36a29356c384b289fb89a55abb70ea454ff2d4aaad5629b35e87db3bab4932c6460cc558a66ec6eebf9a8cc04f4bdc667868587dbf254
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS/Vwhha+ZLtRD24clz1t:5JjcF8KfCOcjk+guPVjS/VwlLtZFclP

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5008-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/5008-133-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\brutal preteen porn xxx.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\yahoo hacker.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\blonde showing her pussy to her neighbor.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\couple babes getting off with well hung dude.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\sylvia lauren showing her assets.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\tenderonie who insist her pussy must always be free.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\kinky banana in pussy.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde chick riding cock.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\teen taking off her panties outdoors.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\two hot college girl fucking in class.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\2 old heshes playing with each other.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\anastasia nude.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\asian girls stuffed mouth shots.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\lucky lesbians licking outdoors.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\spread blonde with woolly pussy.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\redhead with a shaved beaver.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\sexy teen lesbians licking pussy.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\pretty babe sucking cock on bed.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\busty blondie with cool ass.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\Grand theft auto 3 CD1 crack.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\violent preteen gang bang illegal.mpg.exe	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\tiny girl opening hole in crazy wish of cock.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
File created	C:\Windows\SysWOW64\macromd\hot slut with a big dildo.mpg.pif	3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe

C:\Users\Admin\AppData\Local\Temp\3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe
"C:\Users\Admin\AppData\Local\Temp\3ac848021e0364a0f7132d4d797172f4456478c9eb2a97592f5a639fa949c451.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:5008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5008-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/5008-133-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download