Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 04:26
Behavioral task: behavioral1
Sample: e30b9228c7957082cd02f0f11098cf48f7d77bc42374198e3013d8f73bc30b80.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: e30b9228c7957082cd02f0f11098cf48f7d77bc42374198e3013d8f73bc30b80.exe
Resource: win10v2004-20240508-en
General
Target: e30b9228c7957082cd02f0f11098cf48f7d77bc42374198e3013d8f73bc30b80.exe
Size: 79KB
MD5: 4967fa17bef4f4781e8800fedb39bcf5
SHA1: 31776d5c5511adba0169056bcdbb36d4fcfbe1df
SHA256: e30b9228c7957082cd02f0f11098cf48f7d77bc42374198e3013d8f73bc30b80
SHA512: 9b185bcff679169f182e46c33c02ec86dd26f7bb0370a462b1aeef5b70dcb590f9c47ef734b8997fdaa67ec628e02a0723340c5952cb92ef4ec8a6f42b66414f
SSDEEP: 1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4mUK9VO3PA4KFTZ8m6Qkc:y4X6NSyfnpijeYEoIcq4pKyf9KFdD6QB
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/880-0-0x0000000000400000-0x0000000000464000-memory.dmp | upx
behavioral2/files/0x00070000000233d6-6.dat | upx
behavioral2/memory/880-28-0x0000000000400000-0x0000000000464000-memory.dmp | upx
Adds Run key to start application (2 TTPs, 1 IoC)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | e30b9228c7957082cd02f0f11098cf48f7d77bc42374198e3013d8f73bc30b80.exe
Drops file in System32 directory (27 IoCs)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 87KB
MD5: f58d57768f679725516d8e4b5d175b33
SHA1: bb17ab2f8a4aec160e30043636b08f9a5ba5cb4e
SHA256: ff4503dee5e5bc853d6ae5102f49e35deaeb25840530933d3850ef28ae866f5d
SHA512: e9b16d7c5714c13b15b9d3f019079910acfaceda78f377c6892a8038e552e89e8d7bc478b6c4a170d9e201a592131e5bb1aea496bf8e0102ee6a676804ccfb00