21721becfafaa207a00b205265016930a6c49f89fda8f670d3dbb9920aed9a2c

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4815651a017ac48039d825a607e4c630_JC.exe
Size

81KB
MD5

4815651a017ac48039d825a607e4c630
SHA1

6872c624ac688830341e1f319549b9ab2197446d
SHA256

21721becfafaa207a00b205265016930a6c49f89fda8f670d3dbb9920aed9a2c
SHA512

b6d86523d6de4066809d51f10e0166bad147d787dfdc400d75e4b0a3cc1e689c02b0e2b24e9e222482b297578616a4435b83a7f911634aa91f5ed453a509d9d1
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSVU2QOL0uV4g7lrgS:5JjcF8KfCOcjk+guPVjSV6OL0ud

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1312-0-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral1/files/0x000700000001468b-6.dat	upx
behavioral1/memory/1312-34-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	4815651a017ac48039d825a607e4c630_JC.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\nymph enjoys fisting all the way to the elbow.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Stealer.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\two studs fucking the hell out of a slut from behind.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\amateur spreading more fine ass than stud can handle.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\divx pro.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\3 teen blonde babes chin deep in pussy sauce.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\chick weeing in her pants.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\this really wild insane groupsex.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\blonde beauty ass fucked.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\tenderonie who insist her pussy must always be free.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\trio having hardcore fucking fun.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\sexy amatures sucking whole bag.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\honies with incredibly delicious big boobs.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\movie of mom who whip hot ass on daughter's big cock lover.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	4815651a017ac48039d825a607e4c630_JC.exe

C:\Users\Admin\AppData\Local\Temp\4815651a017ac48039d825a607e4c630_JC.exe
"C:\Users\Admin\AppData\Local\Temp\4815651a017ac48039d825a607e4c630_JC.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\msncracker.exe

Filesize
81KB

MD5
5c2fdbd26b3d6c115d72936682bde5f4

SHA1
5337e67de7c21376d8538ee4c7d597a45388bda0

SHA256
ec8f606e43c7d07102f39fba54c4912cba2658a30b1d0dacba1c5bf32fe1f709

SHA512
099f19e44029d4c08a4ca4bca510becaac501393b190b2f0b790e1edc790f550fa0a104660e7cf1a03ad3fb13b771be101efadab1eda8a3cb9b132a97f6e1307

Download Submit
memory/1312-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1312-34-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads