f6d4dbc269159371134a7fed648509a1fb0efe2a58bb75ec81df037168e9d06d

Analysis

max time kernel
127s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 04:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
Size

80KB
MD5

8aef9e29337402fc50d32a1133e6cd20
SHA1

e6ad314802e7cf2d9823c27a79c271852f44de0b
SHA256

f6d4dbc269159371134a7fed648509a1fb0efe2a58bb75ec81df037168e9d06d
SHA512

a730f61d4c9436c0f2c48bf35e9ba843e0d1a6098c805d8ade2ef378b4e8aba71cd2e6f53d62275a57f3a4cb4a007a1fb54caf2bc102a311ebe155110aed4458
SSDEEP

1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMS3xIamX/LdyYC:5JjcF8KfCOcjk+guPVjS3uaLR

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4380-0-0x0000000000400000-0x0000000000467000-memory.dmp	upx
behavioral2/files/0x0006000000022e66-6.dat	upx
behavioral2/memory/4380-34-0x0000000000400000-0x0000000000467000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\hot japanese office sex.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\slut mouth open wide to take dick in.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut with a huge gun.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\sunbathing beauties tanning tender pussy lips.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\pigtail black babe with pretty boy.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\two dudes comparing dick sizes.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\Play Games Online For FREE.exe	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\hot butt sex ..unbeliveable.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\horny ass licking lesbians.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\Nokia Unloker (most models).exe	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\hot tomoli lathering up sexy body for boyfriend's tongue.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\nice girl showing her tits for extra money.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\busty older bitch gets slammed.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\twink stroking his butt plugger.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson naked.mpg.exe	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\shanks who serve up smelly pootang.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\head rooster pimping hot little tender ass chickens.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking wet pussy holes.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\some twink ass rippers.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\sexy blonde teasing pussy.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\hot teeny sucking cock.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	NEAS.8aef9e29337402fc50d32a1133e6cd20.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.8aef9e29337402fc50d32a1133e6cd20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8aef9e29337402fc50d32a1133e6cd20.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif

Filesize
73KB

MD5
84496874105c2e653852af363bbbd970

SHA1
98754d041e321c022345c9764de19adab739c49e

SHA256
d6b2b7bf7710b7fe3bc154238f2c8aafd2e4c77e11cd1e9eee324d2e2868c5eb

SHA512
01623a5f6e0e8ec847cea19323a9c271d3dfe2707aa16cdac261cc2382ce024dc0ffcfafabf35f42b543d8a9a7dad1cb6875c00997d918b071af88b72bb9397e

Download Submit
memory/4380-0-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/4380-34-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads