c45c00cb0be27b36353d6904ece97bf2b502cee01fb5b48814f663a17b03d636

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd80409948a799f65127354ad9bf6cf0_exe32.exe
Size

79KB
MD5

bd80409948a799f65127354ad9bf6cf0
SHA1

6f1c4a7931fa5129b41125e8717a6f0355effe0b
SHA256

c45c00cb0be27b36353d6904ece97bf2b502cee01fb5b48814f663a17b03d636
SHA512

b5944a38077566d235233b072cdaa696326c6f071d47d203aa67031d8948115868c031176a56bcdd4c4f9706313910911c49ccad3c3677065cd02911f2fd4b87
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS7IITQuxicJPufQ:5JjcF8KfCOcjk+guPVjSl0uxicQfQ

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/416-0-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/files/0x0006000000023254-6.dat	upx
behavioral2/memory/416-34-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	bd80409948a799f65127354ad9bf6cf0_exe32.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\hot tomoli lathering up sexy body for boyfriend's tongue.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\horny housewife looking for some action.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\senior blonde fucking and suckin like a teen.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\super sexy blonde showing her pink.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\robin throating and fucking.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\Choke on cum (sodomy, rape).mpg.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\amateur babe showing pink.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson - xxx nurse scene.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\old fucker punishing teeny.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\invisible IP.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\sluty cock sucking chick.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\beautiful blonde gettin an anal fucking.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\two busty sluts fucked in bathroom.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\hardcored blonde mature.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\old lady in bra and corset with dildo.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe
File created	C:\Windows\SysWOW64\macromd\toying blonde with fucking machine.mpg.pif	bd80409948a799f65127354ad9bf6cf0_exe32.exe

C:\Users\Admin\AppData\Local\Temp\bd80409948a799f65127354ad9bf6cf0_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\bd80409948a799f65127354ad9bf6cf0_exe32.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe

Filesize
75KB

MD5
7948c90d22d4482db7afeb9e91e65102

SHA1
e61eb8ccb4be76e50d53ffcf3f410d357d8302e3

SHA256
d3871ead5557c392d23afc4747c90c5c75554c20d96bb680eb1d431d274fde19

SHA512
bac7f020f23f0b9a8184ea3b0718fa3a873b6a70c64e162fc0878a9aa5ab12a698fddbf0bb15b2ad890655508ccd2cbc5d793d4e2d4c8c27e2082dc60e66122a

Download Submit
memory/416-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/416-34-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads