0e304d1b5115ee3649a6932978e94fafb05ffd06addf4f8bb783c76360d77b86

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c64754994445fb736343f82026472250_JC.exe
Size

438KB
MD5

c64754994445fb736343f82026472250
SHA1

27cbbf99bf523c7649932e92339063461314969e
SHA256

0e304d1b5115ee3649a6932978e94fafb05ffd06addf4f8bb783c76360d77b86
SHA512

f1e93e87e93e0fd9e2e229c7c2cd4f31229d87e989376d0271eef63d4794368257dc141ffbaf399db9a63a594417d1f65cb2fbb82d03cc1bbfcb896d8a249b57
SSDEEP

3072:smVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLrdt6Vm+4qqLi5:tM7jJljxYTHYZM1v9Uwg

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3488-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral2/files/0x0006000000022e11-6.dat	upx
behavioral2/memory/3488-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.c64754994445fb736343f82026472250_JC.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\old lady in bra and corset with dildo.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\fat grannies action.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\busty ebony girl showing shaved pus.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde chick riding cock.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\win2k serial.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\babes letting dudes assault their furballs.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hot girls who like cock but eat lots of pussy.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\blonde showing her pussy to her neighbor.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\sylvia lauren showing her assets.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\bottle blonde tramp sucking a dick dry.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\nasty brunette getting hard jolting.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Digimon.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\euro moma with big headlights and scrumptous ass.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\AOL, MSN, Yahoo mail password stealer.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\babe with dick stuck between her ass cheeks.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\sexy ass black slut sucking huge cock.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking wet pussy holes.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\trailor tramp pissing for you.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\lucky lesbians licking outdoors.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\girl and her new vibrator.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\brunette fucking in bedroom with boyfriend.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\sexy bi guys doing a chick together.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\honie playing in her cunt with newly bought toy.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe
File created	C:\Windows\SysWOW64\macromd\glamour babe in black stockings.mpg.pif	NEAS.c64754994445fb736343f82026472250_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.c64754994445fb736343f82026472250_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c64754994445fb736343f82026472250_JC.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Digimon.exe

Filesize
82KB

MD5
61bd593c9ec1ba7bb00b59796f607753

SHA1
c6faf2f9b961e96ba611d479e48672df41e3e130

SHA256
b55af1ee009358cfcd6347b3aa00bf74df76d8d4dcdd96d595b8e85194274361

SHA512
35656dd63c14bfed0eda538073d32d28053230ec4b3f06af8ba12d36580673d551a1524156bb5a5ce508651d1fecf55316f3acc115abb4c0114b536ae6db597c

Download Submit
memory/3488-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/3488-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads