Analysis Overview
SHA256
66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02
Threat Level: Shows suspicious behavior
The file 66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02 was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:50
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:50
Reported
2024-04-06 21:52
Platform
win7-20240221-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02.exe
"C:\Users\Admin\AppData\Local\Temp\66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02.exe"
Network
Files
memory/2864-0-0x0000000000400000-0x0000000000464000-memory.dmp
C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe
| MD5 | f3468b4c7a6e2256fa3088cbc1521635 |
| SHA1 | 7d95946f908d23e0596859d4035fafe4473a248d |
| SHA256 | 907ba0de005f3c1206f2f2bb65dbf9d688046bd00738d43b772f7440bcaad1ca |
| SHA512 | ea24b04950a31cfe74c2b4dcf757721aa892c2d7841d34d2fb06d8b1d8e77f488ebd3f0317680ff56714dded42755323a8fdaf28065803d96071a611b4e41861 |
memory/2864-28-0x0000000000400000-0x0000000000464000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:50
Reported
2024-04-06 21:52
Platform
win10v2004-20240226-en
Max time kernel
93s
Max time network
119s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02.exe
"C:\Users\Admin\AppData\Local\Temp\66f53900e586df3a842f2e120ebde534aeed3fd9a56c917a51dbf79d081b7e02.exe"
Network
Files
memory/3528-0-0x0000000000400000-0x0000000000464000-memory.dmp
C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe
| MD5 | 7f6cabacfc3e8039a659fd6d2cca276b |
| SHA1 | 554b1f7b79789c67bdb27686aa3f2c709891d6a6 |
| SHA256 | 6e5418326ef5b4ecccaf620a155b0160ca54a97e8668f640322dd14e88f9665b |
| SHA512 | 76fe06da25dadfbc3c3a741913989740cb85187c2fa94e420d7823d0ef4171a6e9726a3ed9b7d65b74699965f77adde40a480f563e753ea8dcf2d5439386f941 |
memory/3528-28-0x0000000000400000-0x0000000000464000-memory.dmp