742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431

Analysis

max time kernel
109s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
Size

73KB
MD5

e4f18f9ab5c915144e39f1920a415e16
SHA1

92e1114602f4d257eace6b65886521d94bab0836
SHA256

742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431
SHA512

25c589f74a824584203fe461ae81dd6e5e7237f4894454315482e9a07e6c412997430c05cd90f1a1d9c8d8b0d579ba4c5f3a958ec4f788ebfa4c9e2927e36818
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMScBLf9B2j:5JjcF8KfCOcjk+guPVjS4rPc

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1540-132-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/memory/1540-133-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\hot busty amateur babe stripping and spreading.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\horny teen waking up with her pink pussy spread.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\shanks who serve up smelly pootang.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\neighbor boy fucking grandma after mowing her grass.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\sylvia lauren showing her assets.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\amateur swinger babe sucking on a couple of cocks.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\extremely fine hoine with incredible sweet twat.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\divx pro.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\hot teeny sucking cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\gangbang tryout with young slut and two studs.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\babes with great lips that knows how suck cock.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\cute petite amateur girl spreading her snatch.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\ebony spreading her pink wet pussy.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\babes getting facials and riding cocks.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe

C:\Users\Admin\AppData\Local\Temp\742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe
"C:\Users\Admin\AppData\Local\Temp\742be62a9f26e7a75626c69bad204b18bbfc7b10048df05b72a7c55292a42431.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1540

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1540-132-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1540-133-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download