Analysis Overview
SHA256: 697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542
Threat Level: Shows suspicious behavior
The file 697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542 was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-06 21:55
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-06 21:55
Reported: 2024-04-06 21:57
Platform: win7-20240221-en
Max time kernel: 119s
Max time network: 120s
Command Line
Signatures
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542.exe
"C:\Users\Admin\AppData\Local\Temp\697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542.exe"
Network
Files
memory/2228-0-0x0000000000400000-0x0000000000464000-memory.dmp
C:\Windows\SysWOW64\macromd\16 year old webcam.mpg.exe
| MD5 | 3377315461c1ad879ac417647ab7e6c8 |
| SHA1 | 0fb697ec297649276e5a55ae0cc970b550d445a3 |
| SHA256 | 78d9329d8c2074535e18d841e7b3a2d76dc4a491fda887e399966726f2fe23be |
| SHA512 | a00da0b908a39f0c9440ecb7eeb4b965f842dc15885571967120d1bc11eda40a3ae86781c5c5d03ed194036dd158b6bc86899188041a6143c75b51ac3361c48c |
memory/2228-28-0x0000000000400000-0x0000000000464000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-06 21:55
Reported: 2024-04-06 21:57
Platform: win10v2004-20240319-en
Max time kernel: 147s
Max time network: 155s
Command Line
Signatures
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542.exe
"C:\Users\Admin\AppData\Local\Temp\697ffdb3348c5c761c2b5ae2a6e7ea0ceb02ff68670360a18003de8a6b1ef542.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2148,i,1752153415760610784,11376271161549019716,262144 --variations-seed-version /prefetch:8
Network
Files
memory/2304-0-0x0000000000400000-0x0000000000464000-memory.dmp
C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe
| MD5 | 3e133a35e1a2a5b049e707ed33be3c3d |
| SHA1 | 65499b1c613fbf484a36a53c80cf24684a021a92 |
| SHA256 | 4af9f5b95a8df92c223cedc57f8b2970f0d0b20e2dcbe20b82d701627055941b |
| SHA512 | 17b8783113723ce6bb46fabeaa6baf03b6c8650d3592fab6eb975d65b36251c9a8c5da5fccb6af72226acccf0b375bb8a6891d7485c2b29a7ba50d935ca79c58 |
memory/2304-28-0x0000000000400000-0x0000000000464000-memory.dmp