Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240319-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-04-2024 23:17
Behavioral task: behavioral1
Sample: 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Resource: win10v2004-20240319-en
General
Target: 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Size: 361KB
MD5: a6d0264c7ea6056dec2f24e714189567
SHA1: e76d1ba7b3fc43594bc4173c0c3f1b8e2158d997
SHA256: 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8
SHA512: fb58384f0d06b63ed93526e39f47b0e7435b771bd0af3c788ba8f61b6616ade67ae151913dd9b6092634af8a3f91e8268a51701d1432510c3ca45a00c352a482
SSDEEP: 6144:VjluQoSv4DSIo5R4nM/40yw5MCDsdycfd5pMZj8070WQ95Zml5Ahq/JN6/m6Sutk:VEQoSfqHCDyyWDQf70il5OAT6/5Se+ka
Malware Config
Signatures
Detects executables containing possible sandbox analysis VM usernames 18 IoCs
Processes:
resource | yara_rule
behavioral2/memory/464-144-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/3008-157-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/3468-171-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-174-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/3280-172-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-186-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-190-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-194-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-199-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-203-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-209-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-219-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-223-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-227-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-231-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-236-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-240-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/464-244-0x0000000000400000-0x000000000041E000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
UPX dump on OEP (original entry point) 20 IoCs
Processes:
resource | yara_rule
behavioral2/memory/464-0-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gang bang gay big femdom .rar.exe | UPX
behavioral2/memory/464-144-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/3008-157-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/3468-171-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-174-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/3280-172-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-186-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-190-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-194-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-199-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-203-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-209-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-219-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-223-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-227-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-231-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-236-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-240-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
behavioral2/memory/464-244-0x0000000000400000-0x000000000041E000-memory.dmp | UPX
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Processes:
resource | yara_rule
behavioral2/memory/464-0-0x0000000000400000-0x000000000041E000-memory.dmp | upx
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gang bang gay big femdom .rar.exe | upx
behavioral2/memory/464-144-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/3008-157-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/3468-171-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-174-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/3280-172-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-186-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-190-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-194-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-199-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-203-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-209-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-219-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-223-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-227-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-231-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-236-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-240-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/464-244-0x0000000000400000-0x000000000041E000-memory.dmp | upx
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
description | ioc | process
File opened (read-only) | \??\G: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\H: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\O: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\P: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\Q: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\T: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\U: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\A: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\B: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\L: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\W: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\X: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\E: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\R: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\S: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\M: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\N: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\V: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\Y: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\Z: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\I: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\J: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File opened (read-only) | \??\K: | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Drops file in System32 directory 12 IoCs
Processes:
description | ioc | process
File created | C:\Windows\SysWOW64\config\systemprofile\russian handjob horse sleeping girly .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\IME\SHARED\gay hidden (Sarah).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake hot (!) .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\config\systemprofile\indian action sperm big upskirt .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\IME\SHARED\bukkake masturbation (Jade).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian nude lesbian catfight castration .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish porn horse girls glans swallow .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\System32\DriverStore\Temp\indian gang bang lingerie [milf] (Melissa).rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\FxsTmp\british fucking girls beautyfull (Ashley,Liz).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\System32\LogFiles\Fax\Incoming\horse public .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american nude lesbian public (Tatjana).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SysWOW64\FxsTmp\russian action lingerie girls 40+ (Britney,Tatjana).rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Drops file in Program Files directory 19 IoCs
Processes:
description | ioc | process
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian fetish gay masturbation hole (Ashley,Sarah).rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Microsoft Office\Updates\Download\fucking [bangbus] boots (Anniston,Liz).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gang bang gay big femdom .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish porn bukkake masturbation cock beautyfull .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Common Files\Microsoft Shared\sperm catfight bondage (Britney,Sylvia).mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian action trambling girls .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish porn blowjob hidden Ôï .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Microsoft Office\root\Templates\lesbian [free] fishy .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\dotnet\shared\beast big shoes .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\horse hidden .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish animal sperm hot (!) leather .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Windows Sidebar\Shared Gadgets\black horse xxx [bangbus] traffic .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\handjob hardcore uncut cock castration (Liz).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Google\Temp\swedish gang bang trambling big glans .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Google\Update\Download\brasilian kicking sperm [bangbus] feet boots .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files\Common Files\microsoft shared\lesbian big mature .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\black beastiality sperm big (Karin).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Microsoft\Temp\sperm catfight beautyfull .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast [free] hole stockings .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Drops file in Windows directory 64 IoCs
Processes:
description | ioc | process
File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\cum horse [free] .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\spanish hardcore masturbation (Karin).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian animal bukkake [bangbus] swallow (Gina,Samantha).rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\american porn horse voyeur latex (Jenna,Karin).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\horse public 50+ .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\italian nude lingerie full movie cock .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\japanese kicking horse public sm .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\hardcore girls balls .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\brasilian beastiality gay hidden sweet .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\beast catfight YEâPSè& (Sonja,Samantha).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\fucking voyeur .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\danish horse gay uncut high heels .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\indian nude xxx several models glans .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\indian cum blowjob several models black hairunshaved .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\russian nude sperm masturbation hole .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\norwegian blowjob voyeur (Samantha).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\chinese horse full movie (Liz).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\CbsTemp\danish cumshot fucking voyeur glans .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\tyrkish nude lingerie sleeping shower (Jenna,Liz).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\norwegian xxx lesbian high heels .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\norwegian blowjob catfight .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\tyrkish action sperm public glans Ôï .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\InputMethod\SHARED\indian cumshot horse uncut (Karin).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\gay girls shower .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\fetish hardcore sleeping granny .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\action beast lesbian sm .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\french lesbian hidden .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\assembly\temp\lesbian sleeping (Janette).mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\horse hardcore [bangbus] glans (Christine,Melissa).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\spanish sperm several models bedroom (Gina,Karin).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\indian kicking fucking uncut .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\porn xxx masturbation .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\american porn lesbian uncut (Sarah).rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\russian porn fucking sleeping sm (Sonja,Curtney).mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\spanish gay catfight .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\norwegian bukkake big titts blondie (Sarah).mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\InstallTemp\xxx big glans .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\british xxx catfight shoes (Sandy,Karin).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SoftwareDistribution\Download\chinese blowjob licking feet balls .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\xxx big cock mature (Curtney).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\Downloaded Program Files\russian nude xxx hot (!) feet (Sonja,Liz).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\russian nude xxx hidden cock bondage (Sarah).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\russian kicking trambling voyeur sm .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\black handjob hardcore [free] stockings (Britney,Melissa).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\african trambling big redhair (Jenna,Samantha).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\chinese gay licking (Tatjana).mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\italian horse beast catfight (Sylvia).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\chinese beast [free] (Karin).mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\norwegian horse girls cock .avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\french lingerie hidden castration .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia xxx uncut high heels (Sandy,Sarah).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\asian fucking several models glans circumcision .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\cumshot bukkake masturbation hotel .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\spanish blowjob full movie .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\action fucking hidden feet latex (Sylvia).rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking lesbian licking sm .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\malaysia blowjob [bangbus] boots .zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\brasilian animal fucking hidden feet Ôï .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\russian kicking bukkake hot (!) cock .mpg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\horse big castration .mpeg.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\trambling several models .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lesbian lesbian feet .rar.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\asian fucking several models shower (Sandy,Curtney).zip.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\horse bukkake sleeping (Sarah).avi.exe | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
pid | process
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
464 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3280 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3008 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
3468 | 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
Suspicious use of WriteProcessMemory 9 IoCs
Processes (9 events; process and target process are both the sample, 8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe):
description                        pid   target pid   events
PID 464 wrote to memory of 3008    464   3008         3
PID 464 wrote to memory of 3468    464   3468         3
PID 3008 wrote to memory of 3280   3008  3280         3
Processes
-
C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
"C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:464
-
  C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
  "C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3008
  -
    C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
    "C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3280
  -
  C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe
  "C:\Users\Admin\AppData\Local\Temp\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3232 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
1⤵
PID:1020
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gang bang gay big femdom .rar.exe
Filesize 1.5MB
MD5 b262dc1299756b8615d14f1f882e4af3
SHA1 f3461c864c419471542938c1261c564e12f720fb
SHA256 0835584fab1345475dcca532662aae22c2551d4a170912ac292b4eabb75a403a
SHA512 e00d21079fc20aed19acef5fb0f70b35a8d1fcdd8628dc3d7485ccdeb4df3575e1d696c441435024d8158de3ca4cbdec7c9f67f21c44939dd84ff539bb9a73c0
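The process tree, the WriteProcessMemory IoCs and the Downloads entry above, worked through as a small triage script. This is an added example, not code from the sandbox report or from the sample: the process, write and dropped-file records are constructed here from the PIDs, image paths and hashes the report lists (the dropped file's name is replaced by a placeholder, only its `.rar.exe` ending matters), and the three checks it runs (a process writing into a child that runs the same image, an executable hiding behind a second extension, an executable written under Program Files, plus a sanity check that each listed hash is well-formed hex) are the editor's, not the sandbox's signatures.

```python
"""Triage helpers for the sandbox report above (added example, not the report's
or the sample's code). All records are constructed from the PIDs, image paths
and hashes the report lists; nothing is read from a live system."""
import os
import re

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\8e3d4c2d2f7790bc97295feb284b856ff53b2bf469c951149652f32bab5698a8.exe")
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# (pid, parent pid, image) as shown in the process tree; roots have parent None.
PROCESSES = [
    (464, None, SAMPLE),
    (3008, 464, SAMPLE),
    (3280, 3008, SAMPLE),
    (3468, 464, SAMPLE),
    (1020, None, EDGE),
]

# (source pid, target pid) for the nine "wrote to memory of" IoCs.
WRITES = [(464, 3008)] * 3 + [(464, 3468)] * 3 + [(3008, 3280)] * 3

# Dropped-file entry from the Downloads section. The original file name is
# replaced by a placeholder; only its ".rar.exe" ending matters to the check.
DROPPED = {
    "path": r"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64"
            r"\Microsoft Shared\dropped_file_name.rar.exe",
    "MD5": "b262dc1299756b8615d14f1f882e4af3",
    "SHA1": "f3461c864c419471542938c1261c564e12f720fb",
    "SHA256": "0835584fab1345475dcca532662aae22c2551d4a170912ac292b4eabb75a403a",
}

HASH_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def process_depth(processes):
    """Depth of each pid in the tree, roots at 1 (the report's 1/2/3 markers)."""
    parent = {pid: ppid for pid, ppid, _ in processes}
    depths = {}
    for pid in parent:
        depth, cur = 1, pid
        while parent.get(cur) is not None:
            cur = parent[cur]
            depth += 1
        depths[pid] = depth
    return depths


def find_self_injection(processes, writes):
    """Pairs (src, dst) where src wrote into a direct child running the same
    image: the sample spawning a copy of itself and then injecting into it."""
    image = {pid: img for pid, _, img in processes}
    parent = {pid: ppid for pid, ppid, _ in processes}
    hits = {(s, d) for s, d in writes
            if parent.get(d) == s and image.get(d) == image.get(s)}
    return sorted(hits)


def triage_dropped_file(entry):
    """Flag an executable hidden behind a second extension, an executable
    written under Program Files, and any listed hash that is not well-formed."""
    findings = []
    name = os.path.basename(entry["path"].replace("\\", "/"))
    stem, outer = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    if outer.lower() in EXEC_EXT and inner:
        findings.append(f"double extension: {inner}{outer}")
    if entry["path"].lower().startswith(r"c:\program files"):
        findings.append("executable dropped under Program Files")
    for algo, n in HASH_HEX_LEN.items():
        digest = entry.get(algo)
        if digest is not None and not re.fullmatch(rf"[0-9a-fA-F]{{{n}}}", digest):
            findings.append(f"malformed {algo} hash")
    return findings


if __name__ == "__main__":
    depth = process_depth(PROCESSES)
    for pid, _, img in PROCESSES:
        short = os.path.basename(img.replace("\\", "/"))
        print("  " * (depth[pid] - 1) + f"{pid} {short}")
    print("self-injection:", find_self_injection(PROCESSES, WRITES))
    print("dropped file:", triage_dropped_file(DROPPED))
```

The parent-child constraint in `find_self_injection` is deliberate: every WriteProcessMemory event in this report targets a freshly spawned copy of the same image (464 into 3008 and 3468, 3008 into 3280), and a write from the sample into an unrelated process such as msedge (PID 1020) would not match it, so the check isolates the self-replication chain rather than any cross-process write.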