b9a8ee0e6cf7fd3a029367a3b8423932f96646e81f9c6909f1f70025d90384d0

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d4c13e213c97b723de1ccddf8a511a2.exe
Size

2.8MB
MD5

7d4c13e213c97b723de1ccddf8a511a2
SHA1

3039fb0327ee7ad0bb7f76c484c21252207af934
SHA256

b9a8ee0e6cf7fd3a029367a3b8423932f96646e81f9c6909f1f70025d90384d0
SHA512

e2140305c95cfbfeb5ea7ecea02025cc1665c5b436035f8dac667dae7ad74d9b4eb782c273731b761880a8202d54d7d74922590b324720d377a22fc70d308b52
SSDEEP

49152:++fqi1p1m2606SfCJ66xuoyyZLuBHsUorZ43ssmxuLdCMjvvNz+EhJV0kr+0oum:++fX1p1B6063pxuoyCCBMUorCXmxA/Nm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4412	sexys105.exe_tmp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Rihanna Sex-E Screensaver Uninstaller.exe	7d4c13e213c97b723de1ccddf8a511a2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 4412	1856	7d4c13e213c97b723de1ccddf8a511a2.exe	88
PID 1856 wrote to memory of 4412	1856	7d4c13e213c97b723de1ccddf8a511a2.exe	88
PID 1856 wrote to memory of 4412	1856	7d4c13e213c97b723de1ccddf8a511a2.exe	88

C:\Users\Admin\AppData\Local\Temp\7d4c13e213c97b723de1ccddf8a511a2.exe
"C:\Users\Admin\AppData\Local\Temp\7d4c13e213c97b723de1ccddf8a511a2.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Users\Admin\AppData\Local\Temp\inst240603578\installer\sexys105.exe_tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\inst240603578\installer\sexys105.exe_tmp.exe"
  2⤵
  - Executes dropped EXE
  PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\inst240603578\installer\sexys105.exe_tmp.exe

Filesize
1.4MB

MD5
14a7550a7236f54f6c829590a2131385

SHA1
406e3e6cc765f6142d72de2ec2211eedd5fabadf

SHA256
c010648f6c0ae7cfeee132eb04bf54a7412ed5c9c9c5b055c92efb042ac9201c

SHA512
c1a221b0025b65d76f7b9e2c5cf614e11a89471797fd8bf02ff792397b2bf88582db5f9d9ba95a4de27b28ab8a8aa7e7a83a2af1fae314b99b45060bcbd8a3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\inst240603578\installer\sexys105.exe_tmp.exe

Filesize
1.1MB

MD5
c69917182d0b0094585c41273f38338d

SHA1
38234c9dbedf5f473ba49da3d08eafbd2bd8a950

SHA256
ccf0825fe27566ec2344a1da3942c44b61be18bf8be59458bd7734747922d9d1

SHA512
5416c126fc76b4134b4fcd9db6a6068d0130c0b9d37bd0d1736233c8d89a38ff0d26dee3500519a583371bc28459a807e28acdd68d19b5a7e5d081bef4a3fc4b

Download Submit