f97cd64f0aed46127055a945eaffff77d7b07f152b7009c58beb0ac55b4ddcc3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53bc0b858eb36eaa7d69ae63e3b74009.exe
Size

1.8MB
MD5

53bc0b858eb36eaa7d69ae63e3b74009
SHA1

8b1121c9f31dd71192b3864d9f8f32c9da8ef091
SHA256

f97cd64f0aed46127055a945eaffff77d7b07f152b7009c58beb0ac55b4ddcc3
SHA512

10c8822ff331a52d78ce1473cdc3912ebf9dc81ae3c73002e47b89c83d4014d7c3c7b07e38b6935ce97387f3f6534c9acdb4de32ea1cf7113f2c47e5cb429a55
SSDEEP

49152:5NWlXk2PyjJZyHSo4RWtTg/a9ZT2tAK44ostSWU:zW62PyjDWtTQaP4AOU

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	53bc0b858eb36eaa7d69ae63e3b74009.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	53bc0b858eb36eaa7d69ae63e3b74009.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	53bc0b858eb36eaa7d69ae63e3b74009.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\V:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\E:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\P:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\R:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\N:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\S:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\Z:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\A:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\G:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\K:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\Q:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\B:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\I:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\O:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\M:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\T:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\W:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\X:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\Y:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\H:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\J:	53bc0b858eb36eaa7d69ae63e3b74009.exe
File opened (read-only)	\??\L:	53bc0b858eb36eaa7d69ae63e3b74009.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian public lady .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\System32\DriverStore\Temp\indian horse beast sleeping YEâPSè& .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian porn horse several models .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian fetish xxx [free] shoes .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish handjob blowjob voyeur YEâPSè& .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm uncut boots .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm masturbation mature .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beast public hole femdom .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob [free] bondage .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american handjob hardcore licking beautyfull .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian cum sperm big blondie .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese kicking blowjob uncut cock hairy .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish kicking lingerie several models gorgeoushorny .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Microsoft\Temp\gay uncut hole wifey (Samantha).avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse uncut (Melissa).zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse [bangbus] circumcision .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob [free] swallow (Gina,Janette).mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\dotnet\shared\trambling full movie feet .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Microsoft Office\root\Templates\russian horse beast full movie stockings (Ashley,Curtney).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian cumshot lesbian [milf] circumcision .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german beast several models .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\beast big lady .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian porn blowjob [bangbus] .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob girls gorgeoushorny .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie public traffic (Anniston,Melissa).avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american fetish lingerie hidden titts penetration (Liz).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Common Files\microsoft shared\horse hot (!) .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american handjob blowjob licking sweet (Britney,Jade).avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian cum blowjob licking glans .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish porn gay girls cock wifey .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\indian kicking xxx hidden girly .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\chinese sperm [free] .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\xxx voyeur (Karin).mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german xxx [bangbus] shoes .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\german fucking hot (!) fishy (Sonja,Melissa).rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\action bukkake public .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\blowjob sleeping mature .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian action beast full movie hole (Sonja,Karin).mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\handjob gay public hole .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\tyrkish handjob bukkake full movie .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\swedish animal lesbian [bangbus] .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\american fetish gay sleeping young .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\malaysia trambling [bangbus] ash .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\norwegian bukkake lesbian .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\InstallTemp\porn gay big wifey .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese porn lesbian masturbation glans .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish bukkake masturbation blondie (Kathrin,Liz).rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\beastiality lingerie masturbation feet hotel .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\mssrv.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\sperm lesbian hole Ôï .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\italian kicking bukkake [milf] cock .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\french horse girls (Karin).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\french bukkake uncut .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\handjob sperm sleeping bedroom .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\norwegian bukkake full movie hole .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\Downloaded Program Files\hardcore hot (!) (Samantha).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\indian fetish xxx catfight .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\nude hardcore lesbian high heels .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\kicking xxx voyeur cock femdom (Melissa).rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\trambling catfight cock (Sandy,Liz).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\african hardcore masturbation (Tatjana).avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\CbsTemp\lingerie hidden shower .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\asian beast sleeping (Jade).rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\gang bang gay several models glans .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\hardcore big titts circumcision (Liz).zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\chinese xxx several models shower .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\norwegian fucking full movie hole .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\chinese gay licking leather .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\asian beast lesbian (Liz).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\british hardcore [bangbus] bondage (Kathrin,Janette).rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\chinese hardcore [milf] lady .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\brasilian handjob hardcore girls .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\italian fetish horse [bangbus] high heels .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\chinese sperm hidden mistress .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\animal blowjob uncut feet young .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\italian animal beast [free] mistress (Sandy,Melissa).rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\indian fetish lingerie public titts .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian beastiality fucking sleeping bondage .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\fucking big upskirt .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\chinese hardcore [bangbus] cock (Britney,Tatjana).avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\danish cum xxx [free] (Jade).mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\assembly\temp\lesbian sleeping lady .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\sperm big hole .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\danish kicking sperm voyeur redhair (Sandy,Curtney).mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\japanese beastiality sperm girls mistress .avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\malaysia horse sleeping titts .mpeg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\malaysia lingerie public hole .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\indian handjob gay several models .rar.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\beastiality horse hot (!) high heels (Jenna,Melissa).avi.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish kicking bukkake [free] feet girly (Sarah).mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\spanish bukkake several models 40+ .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\Temp\norwegian fucking catfight glans .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\sperm voyeur titts lady .mpg.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\horse lingerie [free] lady .zip.exe	53bc0b858eb36eaa7d69ae63e3b74009.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
4340	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
3260	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe
2504	53bc0b858eb36eaa7d69ae63e3b74009.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 4340	2504	53bc0b858eb36eaa7d69ae63e3b74009.exe	90
PID 2504 wrote to memory of 4340	2504	53bc0b858eb36eaa7d69ae63e3b74009.exe	90
PID 2504 wrote to memory of 4340	2504	53bc0b858eb36eaa7d69ae63e3b74009.exe	90
PID 4340 wrote to memory of 3260	4340	53bc0b858eb36eaa7d69ae63e3b74009.exe	93
PID 4340 wrote to memory of 3260	4340	53bc0b858eb36eaa7d69ae63e3b74009.exe	93
PID 4340 wrote to memory of 3260	4340	53bc0b858eb36eaa7d69ae63e3b74009.exe	93

C:\Users\Admin\AppData\Local\Temp\53bc0b858eb36eaa7d69ae63e3b74009.exe
"C:\Users\Admin\AppData\Local\Temp\53bc0b858eb36eaa7d69ae63e3b74009.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\53bc0b858eb36eaa7d69ae63e3b74009.exe
  "C:\Users\Admin\AppData\Local\Temp\53bc0b858eb36eaa7d69ae63e3b74009.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4340
- - C:\Users\Admin\AppData\Local\Temp\53bc0b858eb36eaa7d69ae63e3b74009.exe
    "C:\Users\Admin\AppData\Local\Temp\53bc0b858eb36eaa7d69ae63e3b74009.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish kicking lingerie several models gorgeoushorny .avi.exe

Filesize
231KB

MD5
24f4bdf1af3e3e36e6587f5fede98940

SHA1
ab18752d5f2c73cd128e878976f16ebbbb497355

SHA256
1892f60e3da69634a455b2fff6b8bee1df7272ab178d19ebaf1f4f5449d76f40

SHA512
1f5e1c0666c4d05c1d5cbe4fab64fd5bc45ac7709f06262fc23de4fe1b2934ac827677930b299ba3c65e18a95ab08e85baade17bc0f438cfba573f65d066ca37

Download Submit