a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8

Analysis

max time kernel
23s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
Size

96KB
MD5

dce06cb7e5b90459e30e874a0b611f15
SHA1

4df3241c978efdf0ba94b95f4ad5873bf573f013
SHA256

a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8
SHA512

34c67671a3de7b1dff0f00941d908cec5ed15383294f04481dd1e8cfc86322bdca9dbb5d619c8682ca86ed4507786d345a84a1bfb8da2b04fca0d8c0ea8fb67c
SSDEEP

3072:5JjcF8KfCOcjk+guPVjS4rPbygbtfsnKWl:5JonkkxudprPWgbtfuKWl

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1060-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1060-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1060-56-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\busty ebony girl showing shaved pus.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\warcraft 3 crack.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\old man fucking young blonde teen.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\large lesbo sluts in bondage.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\young and mature babes working soft juggs.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading extremely hot ass and furball.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\babe leading pussy-whipped stud around by her cunt.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\babe doing boyfriend and his buddy.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\icqcracker.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\old lady in bra and corset with dildo.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\bottle blonde tramp sucking a dick dry.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\bigger chunky girl with huge tits posing in the buff.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\babes with an assortment of delicious big juggs.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\both holes fucked by a massive fucking machin.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\holes fisting to the breaking point.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
File created	C:\Windows\SysWOW64\macromd\farmgirl that turned into college slut.mpg.pif	a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe

C:\Users\Admin\AppData\Local\Temp\a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe
"C:\Users\Admin\AppData\Local\Temp\a0cad1a2203322b4307c50b49e3fb8d8034d6b199859ed58469367bd73accea8.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1060-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1060-56-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download