c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
Size

88KB
MD5

a2c65f2f236a2a3bde1bdfce38666490
SHA1

b801fab72ecd481390a76ef89916e5c0eed71e43
SHA256

c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca
SHA512

d031d9915ca6387e9bd0ed474500b51e9a46ab7a3ba3bcc8db784c30414c52959e999da729e0e9143bc23af5d68a5d2af880ce5299890c4bfd68fdb302ea83b4
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMShOzeUwpXIaLpclesoJX5M:5JjcF8KfCOcjk+guPVjShOyhxLpBXu

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1140-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/1140-133-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\old fucker punishing teeny.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\wife in kitchen preparing hot pussy for hubby's dinner.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\momma's juggs that make you scream for mercy.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\shy teen draining the juice from 2 cocks.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\hot babe showing her pussy and wanting a stiff cock.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\kitty-cat with horny beaver that needs licking.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\her taking a dildo right in the ass.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\chunky broad with a hairy well used ass.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\both holes fucked by a massive fucking machin.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe

C:\Users\Admin\AppData\Local\Temp\c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe
"C:\Users\Admin\AppData\Local\Temp\c5ce541ac5f8062342ca62d25b0e8860223eb0da7a35db2bdc54b567f2140bca.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1140-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1140-133-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download