Overview

overview

9

Static

static

7

BruteForce...te.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...32.exe

windows10-2004-x64

3

BruteForce....1.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...st.exe

windows10-2004-x64

7

BruteForce...O2.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...to.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...32.exe

windows10-2004-x64

7

BruteForce...AM.exe

windows10-2004-x64

9

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ce.exe

windows10-2004-x64

9

BruteForce...te.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...gs.exe

windows10-2004-x64

7

BruteForce...te.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...mt.exe

windows10-2004-x64

5

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ti.exe

windows10-2004-x64

1

BruteForce...ER.exe

windows10-2004-x64

7

BruteForce...ck.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ET.exe

windows10-2004-x64

3

BruteForce...ce.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ys.exe

windows10-2004-x64

1

BruteForce...AM.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ml.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-06-2023 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BruteForcers PACK/BruteForcers PACK/PORNHUB BRUTER CHECKER 2022/PORNHUB BRUTER.exe

  • Size

    179KB

  • MD5

    4ba3cee14df6c818fb2f92a628426870

  • SHA1

    0ba7d121915d5b99dc56ad2d0c780fd300a1f53b

  • SHA256

    e1b8f55a342cdced0434b71883fa6509ea061132a9fdfe96ca14b68da8d17173

  • SHA512

    832f2b4b95954509ead01746d5fcb0a80b94100f786db2ab97f0e9ac9a91ad343502002bf672421538ba6bc35d05b11bca504185af9f17e99c794c089b5dd95c

  • SSDEEP

    768:6ec4lj/4ePn4wrgszN0cgqlqbjOrJIUKh4SL8tM3J:y4lceP37Z0vuI7j

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\PORNHUB BRUTER CHECKER 2022\PORNHUB BRUTER.exe
    "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\PORNHUB BRUTER CHECKER 2022\PORNHUB BRUTER.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\PORNHUB BRUTER CHECKER 2022\DATA\Launcher.exe
      "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\PORNHUB BRUTER CHECKER 2022\DATA\Launcher.exe"
      2⤵
      • Drops startup file
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4420
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:804
      • C:\Windows\IMF\Windows Services.exe
        "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1504
        • C:\Windows\IMF\Secure System Shell.exe
          "C:\Windows\IMF\Secure System Shell.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3800
        • C:\Windows\IMF\Runtime Explorer.exe
          "C:\Windows\IMF\Runtime Explorer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:232
    • C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\PORNHUB BRUTER CHECKER 2022\DATA\xpti.exe
      "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\PORNHUB BRUTER CHECKER 2022\DATA\xpti.exe"
      2⤵
        PID:4072

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jucijs5j.420.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Windows\IMF\Runtime Explorer.exe
      Filesize

      144KB

      MD5

      ec70c6f4dc443c5ab2b91d64ae04fa8e

      SHA1

      43eb3b3289782fced204f0b4e3edad2ba1b085b7

      SHA256

      276f1bfc6256f4c1ddd544d5a556d299ebddcf200a64ee7c9c3edef686df727d

      SHA512

      6217c232edbcf60ae1337120aa9b51956e06f591c660fd720b02fe8abf01923dd4dca28f69ece88c12c705a4c3a392d0cbb6f4f6c6759306123db141ed05d584

      Download Submit

    • C:\Windows\IMF\Runtime Explorer.exe
      Filesize

      144KB

      MD5

      ec70c6f4dc443c5ab2b91d64ae04fa8e

      SHA1

      43eb3b3289782fced204f0b4e3edad2ba1b085b7

      SHA256

      276f1bfc6256f4c1ddd544d5a556d299ebddcf200a64ee7c9c3edef686df727d

      SHA512

      6217c232edbcf60ae1337120aa9b51956e06f591c660fd720b02fe8abf01923dd4dca28f69ece88c12c705a4c3a392d0cbb6f4f6c6759306123db141ed05d584

      Download Submit

    • C:\Windows\IMF\Runtime Explorer.exe
      Filesize

      144KB

      MD5

      ec70c6f4dc443c5ab2b91d64ae04fa8e

      SHA1

      43eb3b3289782fced204f0b4e3edad2ba1b085b7

      SHA256

      276f1bfc6256f4c1ddd544d5a556d299ebddcf200a64ee7c9c3edef686df727d

      SHA512

      6217c232edbcf60ae1337120aa9b51956e06f591c660fd720b02fe8abf01923dd4dca28f69ece88c12c705a4c3a392d0cbb6f4f6c6759306123db141ed05d584

      Download Submit

    • C:\Windows\IMF\Secure System Shell.exe
      Filesize

      45KB

      MD5

      7d0c7359e5b2daa5665d01afdc98cc00

      SHA1

      c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

      SHA256

      f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

      SHA512

      a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

      Download Submit

    • C:\Windows\IMF\Secure System Shell.exe
      Filesize

      45KB

      MD5

      7d0c7359e5b2daa5665d01afdc98cc00

      SHA1

      c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

      SHA256

      f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

      SHA512

      a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

      Download Submit

    • C:\Windows\IMF\Secure System Shell.exe
      Filesize

      45KB

      MD5

      7d0c7359e5b2daa5665d01afdc98cc00

      SHA1

      c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

      SHA256

      f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

      SHA512

      a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

      Download Submit

    • C:\Windows\IMF\Windows Services.exe
      Filesize

      46KB

      MD5

      ad0ce1302147fbdfecaec58480eb9cf9

      SHA1

      874efbc76e5f91bc1425a43ea19400340f98d42b

      SHA256

      2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

      SHA512

      adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

      Download Submit

    • C:\Windows\IMF\Windows Services.exe
      Filesize

      46KB

      MD5

      ad0ce1302147fbdfecaec58480eb9cf9

      SHA1

      874efbc76e5f91bc1425a43ea19400340f98d42b

      SHA256

      2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

      SHA512

      adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

      Download Submit

    • C:\Windows\IMF\Windows Services.exe
      Filesize

      46KB

      MD5

      ad0ce1302147fbdfecaec58480eb9cf9

      SHA1

      874efbc76e5f91bc1425a43ea19400340f98d42b

      SHA256

      2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

      SHA512

      adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

      Download Submit

    • memory/804-213-0x0000000070B80000-0x0000000070BCC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/804-202-0x00000000067E0000-0x00000000067FE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/804-232-0x0000000007E00000-0x0000000007E08000-memory.dmp

      Filesize

      32KB

      Download

    • memory/804-147-0x0000000002F10000-0x0000000002F46000-memory.dmp

      Filesize

      216KB

      Download

    • memory/804-148-0x0000000005A60000-0x0000000006088000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/804-231-0x0000000007E20000-0x0000000007E3A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/804-230-0x0000000007D10000-0x0000000007D1E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/804-151-0x0000000002EE0000-0x0000000002EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/804-152-0x0000000005710000-0x0000000005732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/804-155-0x00000000058B0000-0x0000000005916000-memory.dmp

      Filesize

      408KB

      Download

    • memory/804-156-0x0000000006090000-0x00000000060F6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/804-229-0x0000000007D60000-0x0000000007DF6000-memory.dmp

      Filesize

      600KB

      Download

    • memory/804-228-0x0000000007B50000-0x0000000007B5A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/804-227-0x0000000007AE0000-0x0000000007AFA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/804-226-0x0000000008130000-0x00000000087AA000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/804-225-0x000000007F960000-0x000000007F970000-memory.dmp

      Filesize

      64KB

      Download

    • memory/804-224-0x0000000002EE0000-0x0000000002EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/804-223-0x0000000006D40000-0x0000000006D5E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/804-212-0x00000000077B0000-0x00000000077E2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1504-203-0x0000000004D30000-0x0000000004D40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1504-201-0x0000000000380000-0x0000000000392000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1504-236-0x0000000004D30000-0x0000000004D40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3800-211-0x0000000005930000-0x0000000005940000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3800-237-0x0000000005930000-0x0000000005940000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3800-208-0x0000000000F80000-0x0000000000F92000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4072-146-0x0000000002470000-0x000000000248C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4072-235-0x000000001B3E0000-0x000000001B3F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4072-144-0x0000000002440000-0x000000000244A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4072-150-0x000000001B3E0000-0x000000001B3F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4072-142-0x0000000000530000-0x000000000053A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4420-145-0x0000000004C10000-0x0000000004C20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4420-149-0x0000000004C10000-0x0000000004C20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4420-186-0x0000000005D30000-0x0000000005D4E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4420-185-0x0000000005D50000-0x0000000005DC6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4420-140-0x0000000000290000-0x00000000002A4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4420-143-0x0000000006170000-0x00000000061EE000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4956-134-0x0000000005220000-0x00000000052BC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4956-139-0x0000000005520000-0x0000000005530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4956-133-0x0000000000890000-0x00000000008C2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/4956-138-0x0000000005530000-0x0000000005586000-memory.dmp

      Filesize

      344KB

      Download

    • memory/4956-135-0x0000000005880000-0x0000000005E24000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4956-136-0x0000000005370000-0x0000000005402000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4956-137-0x0000000005300000-0x000000000530A000-memory.dmp

      Filesize

      40KB

      Download