742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431

Analysis

max time kernel
56s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
Size

73KB
MD5

e4f18f9ab5c915144e39f1920a415e16
SHA1

92e1114602f4d257eace6b65886521d94bab0836
SHA256

742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431
SHA512

25c589f74a824584203fe461ae81dd6e5e7237f4894454315482e9a07e6c412997430c05cd90f1a1d9c8d8b0d579ba4c5f3a958ec4f788ebfa4c9e2927e36818
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMScBLf9B2j:5JjcF8KfCOcjk+guPVjS4rPc

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1640-54-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/memory/1640-55-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\busty asian with big lips.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\sexy babe drinking hot jizz load.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\cum hungry teen in action.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\blonde with titts and cunt sending chills thru cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\Nokia Unloker (most models).exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\gay guy with a screwing machine.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\hot teeny sucking cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\Flash Golf.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\nude.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading extremely hot ass and furball.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\bad gal being tied and bound.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\showing some hot girls share cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\patricia arquette showing her tits.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\honie with a ka-boom hot ass and delicious cunt.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\cute young tart on a lucky dudes cum shooter.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson naked.mpg.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\spying on gals in toilet.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\babes with oversized hooters spreading.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe

C:\Users\Admin\AppData\Local\Temp\742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
"C:\Users\Admin\AppData\Local\Temp\742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-54-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1640-55-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download