f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
Size

398KB
MD5

0e769f711e593292fcefc60b486eee15
SHA1

449a595a97c9df2115bb22fafb7648c3919ecd47
SHA256

f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da
SHA512

943cc120d1eb1d10d22bdb14d901b48d3b501e10d31be99e39a9449cc780a463e31e746e05e2e8b2ced72eb9d53b6e95e96ca56b505e8b420db7ca273536758e
SSDEEP

768:tks+cAXJpB2TgpZnjJHk/OxJ+oFEZEM/49:tjrAX5NjJHJ+oFE2M/49

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Hentai.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\humor.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Visual C.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\mugen (full).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\PSEmu.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\a pelo.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Dont Download.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe

C:\Users\Admin\AppData\Local\Temp\f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe
"C:\Users\Admin\AppData\Local\Temp\f20b3425d5572a38843c59d6b59c1b68a310752aadb7a0c2ea9df789ae30a9da.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads