fc42ccde72cef90fa2c603a9dc27af57e693a696c8f6e4b1519f5b8249d26832

Analysis

max time kernel
138s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
Size

427KB
MD5

3b3b67b53e735d1f8b3a273f317b37b0
SHA1

8776e06a01c66764d05819b307693f5afc91ef1f
SHA256

fc42ccde72cef90fa2c603a9dc27af57e693a696c8f6e4b1519f5b8249d26832
SHA512

c5c4847b77529879c9add2af869512b20cdd227467c99d19043e67d0248376f4466a14c97cf7c54752351185426e19ad90195bbb37b3c7efacbd6695e0d52cd2
SSDEEP

3072:smVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLQn+MA:tM7jJljxYTHYZM1vUnVA

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4320-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral2/files/0x0007000000022e01-7.dat	upx
behavioral2/memory/4320-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral2/memory/4320-35-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\babes getting their tender little asses corked.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\horny teen waking up with her pink pussy spread.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\teen spreading in the kitchen.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\kinky banana in pussy.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\slutty japanese babe giving blowjob.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\porn account cracker.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\candy stripper getting down on sick mans cock.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\stud fucking his blonde french maid.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\Preteen Rape Sex Illegal - Jenny - 13 Years old.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\3 teen blonde babes chin deep in pussy sauce.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\horny ass licking lesbians.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\Xbox Iso 2 Rom Converter.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\huge titty blonde taking in a full 12 inch cock.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\hard 3 way fuck in car shop.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\illgal incest preteen porn cum.mpg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\sexy little blonde teasing.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\girls with cock in hand and mouths fill with cum .mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\wild stud eating and drilling small pussy freek.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\kitty-cat with horny beaver that needs licking.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\sweet ass blonde teen with dripping wet pussy.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\yummy lesbos licking wet pussy holes.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\cool rooster raiding hen house for hot babes, link city.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\amateur orgy at a swinger party.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
File created	C:\Windows\SysWOW64\macromd\busty ebony girl showing shaved pus.mpg.pif	NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3b3b67b53e735d1f8b3a273f317b37b0.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Two girls - Blonde and Brunette - Giving head.exe

Filesize
78KB

MD5
56d1b3de22b6faadeb6a4c650450a7d2

SHA1
556ee251fe8285c875054a5598cb4917beeaa893

SHA256
a25a72e11efb8dd192f9a86e719ea4579588870118b559a0ad296b415b50d20e

SHA512
27ad42fc45aab5d03f01348eae54669f3518a9d51fbe06dcb7aea3f684caa0bda2f604b927796cd6d4a202582ef1a4c3ef9a24847620f3947b8724032acb34e4

Download Submit
memory/4320-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/4320-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/4320-35-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads