b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b

General

Target

b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
Size

79KB
MD5

56d6f898fdf86a556108b8bfea99b990
SHA1

83e9872aefbc97d0dc7e9fc1ab968403b49427b5
SHA256

b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b
SHA512

0400ed0e02a3bff9a1daf26d0b242a3db0c158df9f9b992c1d665942aed7689de6e013bac7d8c562b4a3d6de686d3a5dc62443f709a1f9d808a480ed8f96c659
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSAGQvXTlHeU:5JjcF8KfCOcjk+guPVjSbQvXZ+U

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2752-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe

Drops file in System32 directory 33 IoCs

Processes:

b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe

description	ioc	process
File created	C:\Windows\SysWOW64\macromd\yahoo hacker.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\babes with great lips that knows how suck cock.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\babes getting big cocks off with lips.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\an asian bush getting a cum bath.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson nude.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\brunette fucking in bedroom with boyfriend.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\OfficeXP Keygen.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\Play Games Online For FREE.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\hardcored blonde mature.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut with a huge gun.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\first time anal and she loves it.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\tenderonie who insist her pussy must always be free.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe

C:\Users\Admin\AppData\Local\Temp\b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe
"C:\Users\Admin\AppData\Local\Temp\b56528c6b71632379bbb9184ce0ef02d1a111c915ca748b54228ff42c9b51d7b.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2752-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads