418285a0b81639fc29d252e0ab1eb7be4b1a5cdde1f9d446858a1f83777cf089

Analysis

max time kernel
117s
max time network
138s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
Size

427KB
MD5

6dea129c37ff6701f98afbfb4b88b380
SHA1

83d347abd77b3cb8472dad6887bf962151a9b6c5
SHA256

418285a0b81639fc29d252e0ab1eb7be4b1a5cdde1f9d446858a1f83777cf089
SHA512

7458e6cff79f5d478307c0717ba0cff1b7a3bfde1331987dfb5e433db35ef9f8911c66cd7fa926c10e631d65abcc9fe164b605a356622a4cc0f4357830419c37
SSDEEP

3072:smVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLIDjNFa8zr:tM7jJljxYTHYZM1vkDjrfzr

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2272-1-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/files/0x000700000001605c-6.dat	upx
behavioral1/memory/2272-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\firm ass honie with thick lips made for sucking rods.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot teens gettin busy in shower.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\sexy blonde teasing pussy.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\uncle fred spanking his young nieces little ass.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\hot babe showing her pussy and wanting a stiff cock.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\tenderonie who insist her pussy must always be free.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\polish naturals with nice round titties.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\beautiful blonde gettin an anal fucking.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\little chicken shy about exposing sweet cunt.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\two studs gangbanging a hot little sluts holes.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\Warcraft 3 battle.net serial generator.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\crazy old man playing young teen.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\older blonde showing she has the goods.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\babe locking lips around her man's rod in backyard.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\amateur orgy at a swinger party.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\honie with a ka-boom hot ass and delicious cunt.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\amateur slut fingering herself threw her wet panties.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\sexy amatures sucking whole bag.mpg.pif	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	NEAS.6dea129c37ff6701f98afbfb4b88b380.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6dea129c37ff6701f98afbfb4b88b380.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6dea129c37ff6701f98afbfb4b88b380.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Microsoft Office XP (english) key generator.exe

Filesize
93KB

MD5
0c43d95cc4bfc9ba85fe777b752a1ffc

SHA1
fe97241e30467ad3738adb6d3facf8f320195d1d

SHA256
6f31c813b2c9d64e62956522261f8867b80df6575bc637c72f838b666c319ae7

SHA512
e8a304692b249e3c3385471de424126e70f56e9bf376f905d67716cfcac26150098fc3daf4e74841b45f7f3e58a18bc3579a053933cbf22b8abde3372372d7b2

Download Submit
memory/2272-1-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2272-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads