ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c

General

Target

ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
Size

71KB
MD5

8857fade0310032e68058e54ed4410e8
SHA1

5c3f8246946d83bc367ee924778781c46e3d4384
SHA256

ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c
SHA512

71d7d027c70a3bfe4d67ed92469c85581c9b1d3348e7d741f7ce0966ee76f52254ffd49f581bc1b9463657fe5f8d5c6f6c0c500760db48d98b4da00df455887e
SSDEEP

1536:Q4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4m/ssuSsWu7qFa+Y:Q4X6NSyfnpijeYEoIcq4AruvWQsaH

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x0000000000464000-memory.dmp	upx
behavioral1/files/0x0008000000015d88-6.dat	upx
behavioral1/memory/2904-28-0x0000000000400000-0x0000000000464000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\teen tied up and raped.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\16 year old on beach.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\AOL.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\DivX pro key generator.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\cute girl giving head.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\preteen sucking huge cock illegal.mpg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl fucked from all angles xxx.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\hot girl on the beach sucking cock and fucking guy.mpg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Universal Game Crack.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jamison Dildo Humping.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\hotmailhacker.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\play station emulator crack.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Britney Spears Dance Beat.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\siemens unlocker.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\illegal porno - 15 year old raped by two men on boat.mpg.pif	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Another bang bus victim forced rape sex cum.mpg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Website Hacker.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\Harry Potter and the sorcerors stone.divx.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\divx pro.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
File created	C:\Windows\SysWOW64\macromd\pamela anderson naked.mpg.exe	ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe

C:\Users\Admin\AppData\Local\Temp\ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe
"C:\Users\Admin\AppData\Local\Temp\ba1fe8d9cf509c0d00f4dad6283100c7b1c408833fd8f59baf861a6fc70e3d9c.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\nikki nova sex scene huge dick blowjob.mpg.exe

Filesize
63KB

MD5
c3f47888ec874849e270eea3564f9c84

SHA1
81406da38f4def127676b69fb59eaf358a4b23cf

SHA256
8d737238455ef65aa90d2eb3d30767e0151235b92df8023ea3024e1df8cdc3a1

SHA512
e83fca3748206999530ee2f7c9026c8c1bbc593de741aa3c1db3c0a4aa4d48041b186d3f3e7c96ce86e599f3a9daeaf2e44827e4c64fb3c2661fbeb927e216c4

Download Submit
memory/2904-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2904-28-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads