c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0

General

Target

c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
Size

77KB
MD5

8e5b0f8837837f684997e2a644884e98
SHA1

86031c6a84d6f6747181453cd87b25de0e8ec390
SHA256

c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0
SHA512

67598aba78c77eb757c257c5bbba926eaf8f4e466194f02f92b064c3611fbe0d67cb706069f6bc93441c0ff1d92de2a3ce97e63152cf8620cfd527b6048be96d
SSDEEP

1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4mxD3klmYU5VtctMV:y4X6NSyfnpijeYEoIcq4ED3kQYytciV

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4320-0-0x0000000000400000-0x0000000000464000-memory.dmp	upx
behavioral2/files/0x0007000000023211-6.dat	upx
behavioral2/memory/4320-28-0x0000000000400000-0x0000000000464000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\jenna jameson - shower scene.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Bondage Fetish Foot Cum.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\AIM Flooder.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Napster Clone.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\yahoo cracker.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\illgal incest preteen porn cum.mpg.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\aimhacker.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Blonde and Japanese girl bukkake.mpg.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\ICQ Hackingtools.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Want to see a massive horse cock in a tight little teen's pussy.mpg.pif	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Kama Sutra Tetris.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\AIM Password Stealer.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Serial.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\Counter Strike CD Keygen.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\aimcracker.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Stealer.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
File created	C:\Windows\SysWOW64\macromd\MSN.exe	c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe

C:\Users\Admin\AppData\Local\Temp\c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe
"C:\Users\Admin\AppData\Local\Temp\c8d2386cc7126761115646522befa5ab2fc76188983da627ab779825864b41e0.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe

Filesize
64KB

MD5
b59cb261c3f6cda329353e0654c7011f

SHA1
2fc215775aa154de6a82156de53b909e1155df44

SHA256
bb4a4896bbee664633c11cd9c4dacd36d29bee025e89a955112d63341292c66d

SHA512
7d976f4e4fa04150b57a724be21858409c4db1d1705c42033064b86992929ef61c782dc3a3bee6b24b7904510a0c34cffadbeaf14aed9d398258957f3ec67311

Download Submit
memory/4320-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4320-28-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads