0e304d1b5115ee3649a6932978e94fafb05ffd06addf4f8bb783c76360d77b86

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c64754994445fb736343f82026472250_JC.exe
Size

438KB
MD5

c64754994445fb736343f82026472250
SHA1

27cbbf99bf523c7649932e92339063461314969e
SHA256

0e304d1b5115ee3649a6932978e94fafb05ffd06addf4f8bb783c76360d77b86
SHA512

f1e93e87e93e0fd9e2e229c7c2cd4f31229d87e989376d0271eef63d4794368257dc141ffbaf399db9a63a594417d1f65cb2fbb82d03cc1bbfcb896d8a249b57
SSDEEP

3072:smVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLrdt6Vm+4qqLi5:tM7jJljxYTHYZM1v9Uwg

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2096-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/files/0x00070000000167f7-6.dat	upx
behavioral1/memory/2096-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.c64754994445fb736343f82026472250_JC.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hot babe getting pussy eaten by horny girlfriend.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\bigger chunky girl with huge tits posing in the buff.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\sexy brunette showing her bod outside the house.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hotmail account sniffer.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\two kinky old lezbos snapping the whip.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\MSN Password Hacker and Stealer.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\cute teen with her hole spread wide open.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hot hungry sluts sucking cum for a line of coke.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hot babe showing her pussy and wanting a stiff cock.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\honie with a ka-boom hot ass and delicious cunt.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\older blonde showing she has the goods.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\wild ebony slut taking two cocks.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\brunette fucking in bedroom with boyfriend.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\tiny girl opening hole in crazy wish of cock.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.c64754994445fb736343f82026472250_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c64754994445fb736343f82026472250_JC.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe

Filesize
91KB

MD5
80bf56007d60885c465a329603972c05

SHA1
89c2d922425d58a31f1ca15551bb0065d1f044d2

SHA256
30b320da0f9d3872e8ef60a6ca27b72459275e025033a08af0c7ba09669b04a7

SHA512
dd008c9f8236810919c8536a1f03de4276fe3ec39bbc460c7330ae06e619810d9c9abfe9f6fa62d2a994f90bbe227cda560d6f3917d26363dcfd6f446415892a

Download Submit
memory/2096-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2096-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads