fc42ccde72cef90fa2c603a9dc27af57e693a696c8f6e4b1519f5b8249d26832

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
Size

427KB
MD5

3b3b67b53e735d1f8b3a273f317b37b0
SHA1

8776e06a01c66764d05819b307693f5afc91ef1f
SHA256

fc42ccde72cef90fa2c603a9dc27af57e693a696c8f6e4b1519f5b8249d26832
SHA512

c5c4847b77529879c9add2af869512b20cdd227467c99d19043e67d0248376f4466a14c97cf7c54752351185426e19ad90195bbb37b3c7efacbd6695e0d52cd2
SSDEEP

3072:smVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLQn+MA:tM7jJljxYTHYZM1vUnVA

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1828-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/files/0x0007000000015c80-6.dat	upx
behavioral1/memory/1828-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\gorgious hotties who stimulated over worked rods.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\young slut being pound in all her tight holes.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\swimmingpool threesome fuck suck group sucking.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\slutty cum babes sharing a dick.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\blonde sucking and fucks outdoor.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\babes taking turns munching on hot beavers.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\farmgirl that turned into college slut.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\cute teen fingering herself on the sofa.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\showing some hot girls share cock.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\slutty japanese babe giving blowjob.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\sexy beautiful soon to be pornstar.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\horny teen waking up with her pink pussy spread.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\sexy blonde teasing pussy.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\hard cock cumming in her mouth.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\hot anita blonde doing lesbo.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\wild hoe showing spreading the pink.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\sluts who are in control of their slaves.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\babes letting dudes assault their furballs.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\sexy pink pussy girl taking it off.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\ebony girl with massive hooters.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\girl and her new vibrator.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\maid's vagina plowed by big cock.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\blowjob girl getting a sloppy facial.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\two plain lonely looking lesbians.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\violent preteen gang bang illegal.mpg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\violent preteen gang bang illegal.mpg.exe

Filesize
96KB

MD5
a2173fb689927352c6ec646294fe3d2b

SHA1
6197660512e0fd985c58b87fca9f62de2a34c8b0

SHA256
2b29ab192bfcf8819799ee9c448c68455681c2dc2203d9e5fc901f10bd8165fd

SHA512
8f181dc2abc735a135df42341b77db50af2a6f4648bc433fd9de86762b41730f870c64347d4bfaeed0847bf26851619a46bc09d807445af2ce670f7f014c11e6

Download Submit
memory/1828-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/1828-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads