00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8

Analysis

max time kernel
17s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
Size

81KB
MD5

22bf2c5dc3960d660d4b89ac84e10350
SHA1

5e33de7c4b435848737fb6914b0d1b5c7ed1c1b4
SHA256

00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8
SHA512

aebebbce018ecc8bdb4c024f1eb96b0d43872c32929cd1caba6d1b5b5206c6eab0715822bf6558f2a42d5d5ed05a753323c1de4598d188b9e77c5edbab525830
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSnU81ZWZ5vuxWaPBAbY:5JjcF8KfCOcjk+guPVjSUw0Z5mBqM

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/2024-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\babe doing boyfriend and his buddy.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson naked.mpg.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\babe with peach shape pussy that needs it bitten.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\cock forced in some slut mouth.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\krystal steal getting her bald clam filled.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\tenderonie who insist her pussy must always be free.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\sexy blonde teasing pussy.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\two hot college girl fucking in class.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\drunk babes sharing a dick.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\asian slut with puffy exotic lips.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\japanes girl getting it from behind.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\black dude gettin it with two white hoes.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\macromd\some fine amateur pussy shots from behind.mpg.pif	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe

C:\Users\Admin\AppData\Local\Temp\00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe
"C:\Users\Admin\AppData\Local\Temp\00b3ef325475bfb1707d9454e212b7a73db54e320335c25b0b6d47f1d802c1e8.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2024-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download