8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea

General

Target

8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
Size

78KB
MD5

42ed73d83ab820eddc4fb5f4887f57b4
SHA1

466a3351955c167f4338ee288c4ca221c602aa28
SHA256

8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea
SHA512

32d1bcc7428b84101b3a4e5597746074556b4a6e5ff69553d6ca696e854445351185f047ef3f7927ed3f0efab7225cb464f8cda155ce65024ae4e263ccfa5fbd
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSWQkK8CvBXi2FaMKI:5JjcF8KfCOcjk+guPVjS0Cv82FLKI

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2012-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/2012-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe

Drops file in System32 directory 33 IoCs

Processes:

8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\tiny girl opening hole in crazy wish of cock.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\dude getting burned out trying to fuck 2 hot babes.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\ebony girl with massive hooters.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\happy babe who got 12 inches last night.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\horny housewife looking for some action.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\genuine indian slut posing.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\babes with oversized hooters spreading.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\honie displaying raw pink ass.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\brazilian supermodel adriana lima.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\wife in kitchen preparing hot pussy for hubby's dinner.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking wet pussy holes.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\babes with great lips that knows how suck cock.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\hot japanese office sex.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\extremely fine hoine with incredible sweet twat.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\two hot college girl fucking in class.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
File created	C:\Windows\SysWOW64\macromd\petite ebony enjoying her joy toy.mpg.pif	8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe

C:\Users\Admin\AppData\Local\Temp\8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe
"C:\Users\Admin\AppData\Local\Temp\8817ffb8f11d20ffecf206895792adac9f42ce7bdc0d8a3822bae48169a0ebea.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2012-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads