b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
Size

71KB
MD5

1307287f9bb888949e9aaaff71824790
SHA1

ef2786aa5eef8fe289811cd77c2c69dd34227c39
SHA256

b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3
SHA512

31ef896a4f174562d370b5addf2813de521c76b2fde3322fa4c536341b112c520eeb01f39d9e43a2c4ab202b29c0d70cc9b7b36392f670c9200a22f501ccdefa
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSfymU:5JjcF8KfCOcjk+guPVjSflU

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1872-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1872-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - built for speed.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\old man fucking young blonde teen.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\brutal preteen porn xxx.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\violent preteen gang bang illegal.mpg.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\MSN Flooder.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\fun slut who let dude eat her off in jacuzzi.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\anastasia nude.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe

C:\Users\Admin\AppData\Local\Temp\b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe
"C:\Users\Admin\AppData\Local\Temp\b9ac32d9f8b1c3e2d75e9d5b7221bf9c1e981ba6033855583e64734efe65cec3.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1872

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1872-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1872-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download