e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9

General

Target

e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
Size

147KB
MD5

42e03fc8558e51059e35039524b3e3b0
SHA1

df340fa089ea208ac010f52172c0bc162d0a8f42
SHA256

e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9
SHA512

c5eb85a7f300e89ab6f9d7ccdd95bebe4e9efe5f1a58f6863ca3db81ec79aeda06657013c666652958073bb4221e458d4581d9b003d0ee0a6b8b46941e1b61c9
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoepTIwzs:aM7jJlRexYTHYZMpTHzs

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe

Drops file in System32 directory 33 IoCs

Processes:

e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\robin throating and fucking.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\blonde beauty ass fucked.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\blonde doing dildo outdoors.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\sexy star kate hudson nude.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\GTA3 crack.exe	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\chicks working orgasm from dude's cock as a present.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\babes letting dudes assault their furballs.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\teen with her legs wide and fingers in her wet cunt.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\asian slut with puffy exotic lips.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\hot japanese office sex.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\twin sisters tag teaming neighbors cock.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\trio having hardcore fucking fun.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\uptown girl with great ass that should be illegal.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\honies letting dudes flush mouths full of hot cum.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\fun slut who let dude eat her off in jacuzzi.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\black girl gets dildo wet.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\hotties sucking boobs and eating snatch in large bed.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe

C:\Users\Admin\AppData\Local\Temp\e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe
"C:\Users\Admin\AppData\Local\Temp\e11150f2cb67ab96df0aac1fa168aa20caab4c9fc7dc218c154b1be76b1eaaa9.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:900

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads