Analysis Overview
SHA256
86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4
Threat Level: Shows suspicious behavior
The file 86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4 shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 22:58
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 22:58
Reported
2024-04-07 23:01
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4.exe
"C:\Users\Admin\AppData\Local\Temp\86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
Files
memory/900-0-0x0000000000400000-0x0000000000468000-memory.dmp
C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe
| MD5 | b0bb9f3438922865039c9d72faf223f8 |
| SHA1 | 7a45e09485e495ae54fa95179e13328279a198fc |
| SHA256 | dc4934d99f2f9a9c5e16129b9b5d5f07d5291666574d63143523e99bbba229ba |
| SHA512 | f5b08170aad85103f561dec78dc982fd7291bc62b69494068c516b56d3d5a434419b9b765a60c792889596a1fab252e4ec908116de3ed9ffa49e7184cba9d743 |
memory/900-34-0x0000000000400000-0x0000000000468000-memory.dmp
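The two detonations above give a triage analyst three things to pull apart: the PTR queries in the behavioral2 Network table (reverse lookups, so the octets are in reverse order), the Run value written under WOW6432Node in both detonations, and the memory dump names, which carry the process id and the dumped address range. The script below is an added example by the editor, not part of the sandbox report or the sandbox's own tooling. The indicator strings are copied from the report; the interpretation of WOW64 registry and file-system redirection, the assumed layout of the dump file names, and the function names are the editor's.

```python
"""Triage helpers for the detonation data above (editor's added example).

The strings below are copied from the report. The PTR decoding, the WOW64
redirection interpretation and the dump-name layout are assumptions noted
in the comments, not facts the report states.
"""
import ipaddress
import re

# Copied from the behavioral2 Network table (PTR queries sent to 8.8.8.8:53).
PTR_QUERIES = [
    "154.239.44.20.in-addr.arpa", "172.210.232.199.in-addr.arpa",
    "58.55.71.13.in-addr.arpa", "86.23.85.13.in-addr.arpa",
    "56.126.166.20.in-addr.arpa", "240.221.184.93.in-addr.arpa",
    "23.236.111.52.in-addr.arpa", "36.56.20.217.in-addr.arpa",
    "23.173.189.20.in-addr.arpa",
]

# Copied from the "Adds Run key to start application" row (behavioral2).
RUN_KEY_INDICATOR = (
    "\\REGISTRY\\MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion"
    '\\Run\\winxcfg.exe = "C:\\\\Windows\\\\system32\\\\winxcfg.exe"'
)

# Copied from the Files lists of both detonations.
MEMORY_DUMPS = [
    "memory/900-0-0x0000000000400000-0x0000000000468000-memory.dmp",
    "memory/900-34-0x0000000000400000-0x0000000000468000-memory.dmp",
    "memory/2216-13-0x0000000000400000-0x0000000000468000-memory.dmp",
    "memory/2216-34-0x0000000000400000-0x0000000000468000-memory.dmp",
]


def ptr_to_ipv4(name: str) -> str:
    """Recover the address behind an IPv4 reverse lookup.

    A PTR query for A.B.C.D is sent as D.C.B.A.in-addr.arpa, so the octets
    come back in reverse order; ipaddress validates each octet.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 PTR name: {name!r}")
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))


_RUN_VALUE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SOFTWARE\\(?P<wow>WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run\\(?P<name>[^=]+?)\s*=\s*\"(?P<data>.*)\"$",
    re.IGNORECASE,
)


def parse_run_value(indicator: str) -> dict:
    """Split a sandbox 'Set value (str)' indicator for an HKLM Run value.

    The sandbox prints the value data with doubled backslashes; that is
    undone so the path can be compared with what is on disk.
    """
    m = _RUN_VALUE.match(indicator)
    if m is None:
        raise ValueError("not an HKLM ...\\CurrentVersion\\Run value")
    return {
        "value_name": m.group("name"),
        "target": m.group("data").replace("\\\\", "\\"),
        # On 64-bit Windows a 32-bit process's HKLM\SOFTWARE writes are
        # redirected to WOW6432Node, so its presence implies a 32-bit writer.
        "written_by_32bit": m.group("wow") is not None,
    }


def on_disk_path_for_32bit_writer(path: str) -> str:
    """Where a 32-bit process's file write to System32 actually lands.

    Assumption: WOW64 file-system redirection maps %windir%\\System32 to
    %windir%\\SysWOW64 for 32-bit processes that have not disabled it. The
    report's drops under C:\\Windows\\SysWOW64\\macromd are consistent with
    that, but it does not list winxcfg.exe itself, so check both directories.
    """
    prefix = "c:\\windows\\system32\\"
    if path.lower().startswith(prefix):
        return "C:\\Windows\\SysWOW64\\" + path[len(prefix):]
    return path


# Assumed layout: memory/<pid>-<index>-0x<base>-0x<end>-memory.dmp
_DUMP = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<lo>[0-9a-f]+)-0x(?P<hi>[0-9a-f]+)-memory\.dmp$",
    re.IGNORECASE,
)


def parse_memory_dump(name: str) -> dict:
    """Pull pid, dump index, base address and region size out of a dump name."""
    m = _DUMP.match(name)
    if m is None:
        raise ValueError(f"unexpected dump name: {name!r}")
    lo, hi = int(m.group("lo"), 16), int(m.group("hi"), 16)
    return {"pid": int(m.group("pid")), "index": int(m.group("idx")),
            "base": lo, "size": hi - lo}


def triage() -> dict:
    """Collect the decoded indicators into one structure for comparison."""
    run = parse_run_value(RUN_KEY_INDICATOR)
    dumps = [parse_memory_dump(d) for d in MEMORY_DUMPS]
    return {
        "ptr_targets": sorted(ptr_to_ipv4(q) for q in PTR_QUERIES),
        "run_value": run,
        "expected_on_disk": on_disk_path_for_32bit_writer(run["target"]),
        # Same base and size in both VMs, so the dumps can be diffed directly.
        "same_region_everywhere": len({(d["base"], d["size"]) for d in dumps}) == 1,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Two caveats when using the output. The Network table has no process column and the Win7 detonation recorded no network activity at all, so the decoded addresses should be attributed (sample process versus sandbox OS background traffic) before any of them is treated as command-and-control. And the Run value points at C:\Windows\system32\winxcfg.exe while the only drops the report lists are under C:\Windows\SysWOW64\macromd; on a live host look for the value name in both System32 and SysWOW64 rather than trusting the registry string alone.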
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 22:58
Reported
2024-04-07 23:00
Platform
win7-20240221-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4.exe
"C:\Users\Admin\AppData\Local\Temp\86094c4ad55224365aa8009e6e9229433e93bae4fd66be6df1e250a506a232a4.exe"
Network
Files
memory/2216-13-0x0000000000400000-0x0000000000468000-memory.dmp
C:\Windows\SysWOW64\macromd\Pamela Anderson.exe
| MD5 | 66e5d1a48f6b925206b1124d233af399 |
| SHA1 | 34da7315f825a3f02d99915979dd52747e46599c |
| SHA256 | b8d69a66f4a96279ce32409dca89c8b220a9ef9f9b520a86001d7bc5f371a513 |
| SHA512 | bf41839dc332ea71eebe7862f157aeca2167ea1813896bf1de77a0ff3fa27fb8558cb1c2ceca1e12a1af0b1c4055aee860ef09b547074bf7a8f3f2e41c5eec9d |
memory/2216-34-0x0000000000400000-0x0000000000468000-memory.dmp