eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647

General

Target

eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
Size

61KB
MD5

8a61c22d925e58ba50b7f19ea1a61608
SHA1

da1f37ed710aa5a242b1f7514354921c133d3aa0
SHA256

eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647
SHA512

e63b8135685b7e1934977881cf91e2b125b3031edb94281cfa8d9b904ea44ae472a9ae5c710a7a1c1321b6e92cc4e199c8477b41a3ca2f8bf1b4489c70a6eb10
SSDEEP

1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4m0NFDu:y4X6NSyfnpijeYEoIcq44

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x0000000000400000-0x0000000000464000-memory.dmp	upx
behavioral1/files/0x0009000000015ce1-6.dat	upx
behavioral1/memory/2128-28-0x0000000000400000-0x0000000000464000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\msncracker.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Winzip.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\kill osama bin laden game.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\16 year old on beach.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\girls gone wild.mpg.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\crack.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
File created	C:\Windows\SysWOW64\macromd\aol password cracker.exe	eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe

C:\Users\Admin\AppData\Local\Temp\eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe
"C:\Users\Admin\AppData\Local\Temp\eeb247b749df201f1508a6106335c471dbdc0505ca2cd92eb631b76d63ff0647.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\virtua girl - adriana.pif

Filesize
87KB

MD5
e9abcb82489c8e5cd3b8acbd17347cb6

SHA1
dc454dbd4973b99501162d7c0facf0162f9ed103

SHA256
2e61692eac8cf7f5e416c9a1f002772a1d8680c31c67ba3e29fffa34b324f998

SHA512
1eeeeb1e2adc18133b049e23a66d3799eb2db2123276c0c618ecd900462eba07637706064280e5ef318455605403f97fab1dfa20122dff27ac295ad13c9568d0

Download Submit
memory/2128-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2128-28-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads