7f87d731d8bd99f751e240ed039569086f29bf1e25371f37b3ad84c84ce30c41

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
Size

431KB
MD5

500cf5fd0a5bf155b6e017c8408dcb30
SHA1

9fc73a9f54ec661c1f643045f0dcda297a36cc5d
SHA256

7f87d731d8bd99f751e240ed039569086f29bf1e25371f37b3ad84c84ce30c41
SHA512

c6e2718686e57d0901ad26837ae5b861debefd41c129698d92831dca1fc90b7a09ffa565177f6e3d9260a58b4b1f82ab3463472e5ea0f902fa0cb1e2d19ded6b
SSDEEP

3072:smVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLK0uxicQf4yGI:tM7jJljxYTHYZM1vlncQfLl

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2044-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/files/0x0008000000018ca9-6.dat	upx
behavioral1/memory/2044-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\horny teen waking up with her pink pussy spread.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\plump brunette using her finger.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\sexy bi guys doing a chick together.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\lesbians lickin and toying.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Play Games Online For FREE.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Free Porn.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\cute honie spreading flawless ass and juicy twat.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\old fucker punishing teeny.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\this really wild insane groupsex.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\supermodel nina brosh .mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - bailey short skirt.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\spying on gals in toilet.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\gay super heros and fairys.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
File created	C:\Windows\SysWOW64\macromd\an asian bush getting a cum bath.mpg.pif	NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.500cf5fd0a5bf155b6e017c8408dcb30.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe

Filesize
78KB

MD5
75f13a295c597ee33902796f45621643

SHA1
626c2098b60f5f1556cce2fee97af69bc161eb7c

SHA256
7026cceb4312b6c048954ee0f7508b4cd49371352578dc030f6ba004f3de3d0f

SHA512
e5f2bc3f88d2a037f594d632d08a36a4e9d477799852a4dc901eed877e7ba0f9de200ad8a6dfc407f8ff9f6b2fcb111b788b45265017dd4e8b81c31ad2a4ced1

Download Submit
memory/2044-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2044-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads