afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc

Analysis

max time kernel
140s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
Size

1.7MB
MD5

9b498248ab50c937b3856df49b1e3eb3
SHA1

1a665590b48cea768bf9c59cbe9c67ee385bb858
SHA256

afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc
SHA512

0e140d18d612434e0b67785cd73b0e35b9db8368b908f51811fc8748f137b64e5396461823650fa8a6933206cafa79d7cebfc6b270e5d7bc3b8ea4078033e762
SSDEEP

768:lVmgjRHX5LT0WgvGwT2WLXpd8PWZ5A9XpXDhoqBNEDxI3QK2LUcFZ34asjmY44mT:lvEWgG4LXpd9ZSVpXVDNE9I3KUofYUV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VMIntel386 = "C:\\Windows\\Intelx386\\VMIntel386.exe 256mb 32bit"	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\PSEmu.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Dont Download.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\mugen (full).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Hentai.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\a pelo.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Visual C.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\humor.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe

C:\Users\Admin\AppData\Local\Temp\afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe
"C:\Users\Admin\AppData\Local\Temp\afbc012e56a0cb33398c2ed02635ee54b54d4f5480a58c9962a5c7ced4c572bc.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe

Filesize
3.5MB

MD5
10066c6aacecfda11b414df7c71fe1e0

SHA1
5fad0e3e5c68bc3791c1e7a44065052a3cf48b42

SHA256
68d571877cc08bd4c6bdbee142528000cb4f8966cafb3d7ae1b3a238fc82ff13

SHA512
430694cfdded9a4162f0213ec96a018dda1fbe942179b6dbba5cd3d4457cd46d0ca7112f35ca29b4deff09af98c2719ca105cfb904270fbe9b22311490962e61

Download Submit
memory/1540-6-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-2-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-3-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-4-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-5-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-0-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-7-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-8-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-10-0x0000000000401000-0x0000000000407000-memory.dmp

Filesize
24KB

Download
memory/1540-9-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-1-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/1540-75-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads