ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301

Analysis

max time kernel
115s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
Size

85KB
MD5

a27fd66a192b8a3562ab23715d83562a
SHA1

0296597d244626db301f0374b9e4c8fe6959e1d1
SHA256

ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301
SHA512

7784a235a81509866c1af695cded61141b06b7ad1ac914e3201a3a04f82233af5cc634d5101779eb76ec52198b872307347cb42229b888c7d814d4adfa6f2a27
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSQhZgco78BeTaN58PkmHH:5JjcF8KfCOcjk+guPVjSg07YeiItn

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1812-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/1812-133-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\sister and brother gettin' freaky .mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\2 horny babes doing 1 lucky dude.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\anal fisting ass fucking and double penn.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\cunt licking in pool.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\teen bisexual mmf threesome.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\sexy little bitch playing with dildo.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\gettin it hard up the ass.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\genuine indian slut posing.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\two hot college girl fucking in class.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\sweet teen lesbians licking snatch.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\yahoo hacker.exe	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\teen taking off her panties outdoors.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\gay stud giving head and fucking.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\two large black bones in a small white box.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
File created	C:\Windows\SysWOW64\macromd\patricia arquette showing her tits.mpg.pif	ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe

C:\Users\Admin\AppData\Local\Temp\ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe
"C:\Users\Admin\AppData\Local\Temp\ff5226f2455aa7287f472ff87971aa98e1287e2052ac2b2bf439da7950524301.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1812-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1812-133-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download