Analysis
max time kernel: 115s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/10/2022, 09:56
Behavioral task: behavioral1
Sample: ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
Resource: win10v2004-20220812-en
General
Target: ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
Size: 85KB
MD5: a27fd66a192b8a3562ab23715d83562a
SHA1: 0296597d244626db301f0374b9e4c8fe6959e1d1
SHA256: ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301
SHA512: 7784a235a81509866c1af695cded61141b06b7ad1ac914e3201a3a04f82233af5cc634d5101779eb76ec52198b872307347cb42229b888c7d814d4adfa6f2a27
SSDEEP: 1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSQhZgco78BeTaN58PkmHH:5JjcF8KfCOcjk+guPVjSg07YeiItn
Malware Config
Signatures
resource: behavioral2/memory/1812-132-0x0000000000400000-0x0000000000467000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/1812-133-0x0000000000400000-0x0000000000467000-memory.dmp, yara_rule: upx
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
Process: ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
Drops file in System32 directory 33 IoCs