Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 152s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 20:52
Static task: static1
Behavioral task behavioral1: sample 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe, resource win7-20240508-en
Behavioral task behavioral2: sample 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe, resource win10v2004-20240508-en
General
Target: 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe
Size: 1.9MB
MD5: 95eeea1082c8e911b40544907c1c60e0
SHA1: 4265d2dfc0196bc54cf16f28eaf5c123394b9cf3
SHA256: 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e
SHA512: da57287dc9621973d7640296d6504d668c3dde20b3112e7bfe0b1f5954d7c2edb2aff91c550fccbd425b1cefac3abb6fd01c578c9bcba069565abc68979c8807
SSDEEP: 24576:oW9dDhgbq/SdR9mJB8z3I1rvgThJA8hFRBi7Q46SgiCtS7Qczg52rhtcGP/iaAwD:V9J0QfJB8z36TOJJZB7fU7Qn521CkirI
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials. No individual IoC is listed for this signature.
Adds Run key to start application (2 TTPs, 1 IoC)
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" (process: 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe)
The Wow6432Node path is the result of WOW64 registry redirection: a 32-bit process on this x64 host writing to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lands there, which is consistent with the arch:x86 tag and the copies dropped under SysWOW64. On a 32-bit host the same write would appear under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The value points at C:\Windows\mssrv.exe, which the sample creates itself (see "Drops file in Windows directory").
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
File opened (read-only) by 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe, in the order recorded:
\??\E: \??\Q: \??\V: \??\Z: \??\I: \??\R: \??\T: \??\W: \??\Y: \??\A: \??\H: \??\N: \??\S: \??\U: \??\M: \??\O: \??\P: \??\B: \??\G: \??\J: \??\K: \??\L: \??\X:
That is every drive letter except C:, D: and F:, i.e. a sweep of all possible removable and network drive roots rather than a lookup of a specific volume.
Drops file in System32 directory (10 IoCs)
File created by 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe:
C:\Windows\System32\DriverStore\Temp\animal public .mpeg.exe
C:\Windows\SysWOW64\FxsTmp\horse gang bang [milf] wifey (Sylvia,Sarah).mpg.exe
C:\Windows\SysWOW64\IME\shared\fetish licking titts (Sonja).mpeg.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast horse masturbation hole (Curtney).rar.exe
C:\Windows\SysWOW64\config\systemprofile\african porn girls feet .rar.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish horse full movie boobs penetration .rar.exe
C:\Windows\System32\LogFiles\Fax\Incoming\german action sperm [free] titts .mpeg.exe
C:\Windows\SysWOW64\config\systemprofile\swedish porn [bangbus] .mpeg.exe
C:\Windows\SysWOW64\FxsTmp\gay big (Curtney,Curtney).mpg.exe
C:\Windows\SysWOW64\IME\shared\beast beast [bangbus] ash .zip.exe
Drops file in Program Files directory (15 IoCs)
File created by 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american nude voyeur (Jenna).mpg.exe
C:\Program Files\Windows Journal\Templates\black blowjob gay [milf] titts (Gina,Kathrin).rar.exe
C:\Program Files (x86)\Common Files\microsoft shared\indian hardcore voyeur legs black hairunshaved .avi.exe
C:\Program Files (x86)\Google\Temp\japanese horse hardcore girls hairy .rar.exe
C:\Program Files\Windows Sidebar\Shared Gadgets\kicking beast catfight .zip.exe
C:\Program Files (x86)\Google\Update\Download\animal [milf] feet fishy .avi.exe
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\japanese gang bang blowjob girls shoes .rar.exe
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beastiality animal [milf] .rar.exe
C:\Program Files (x86)\Microsoft Office\Templates\indian sperm kicking full movie legs ash (Britney).avi.exe
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american action animal public vagina mistress (Tatjana).mpg.exe
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\french animal porn lesbian 40+ .mpeg.exe
C:\Program Files\Common Files\Microsoft Shared\black blowjob girls vagina .avi.exe
C:\Program Files\DVD Maker\Shared\black fucking beastiality [free] boots .zip.exe
C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian uncut .mpeg.exe
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish fucking fetish [milf] blondie .avi.exe
Drops file in Windows directory (64 IoCs)
File created by 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe:
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\canadian horse porn masturbation sweet (Karin).mpg.exe
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\french cum animal masturbation upskirt (Curtney,Sonja).mpeg.exe
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\handjob [milf] .mpeg.exe
C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\hardcore horse lesbian femdom (Jenna,Jenna).rar.exe
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american horse girls .rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\french handjob full movie nipples (Sonja).mpg.exe
C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\black xxx gay uncut feet .mpeg.exe
C:\Windows\winsxs\InstallTemp\malaysia kicking lesbian hot (!) feet redhair .mpeg.exe
C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\action uncut .mpeg.exe
C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\horse several models hole (Sandy,Christine).rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\action uncut (Anniston,Sylvia).avi.exe
C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\handjob beast sleeping .avi.exe
C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\african fetish handjob girls castration .rar.exe
C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\horse fetish hidden hole (Gina).zip.exe
C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\horse public young .rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\lingerie lesbian hot (!) young .mpg.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\indian trambling [free] blondie .rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\malaysia kicking trambling [bangbus] .mpeg.exe
C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\sperm public .zip.exe
C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\black blowjob hidden .avi.exe
C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\tyrkish blowjob sleeping hole hairy .mpeg.exe
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish gang bang cumshot girls young .rar.exe
C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian nude bukkake lesbian leather (Jenna).mpg.exe
C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\german fucking fetish sleeping (Janette,Britney).rar.exe
C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\black nude porn hot (!) granny .avi.exe
C:\Windows\mssrv.exe
C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\canadian cum lingerie [bangbus] redhair .avi.exe
C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\danish lingerie [free] wifey .zip.exe
C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\blowjob full movie legs blondie (Sonja,Samantha).mpg.exe
C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\canadian gang bang uncut ash balls .mpeg.exe
C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\beastiality hot (!) 50+ .mpg.exe
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american fucking [milf] .mpg.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish big cock .zip.exe
C:\Windows\SoftwareDistribution\Download\british horse lingerie public gorgeoushorny .mpeg.exe
C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\beastiality xxx full movie (Ashley).rar.exe
C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\porn trambling [bangbus] feet .avi.exe
C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\kicking hidden (Karin,Kathrin).avi.exe
C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\sperm beastiality sleeping circumcision .rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\french sperm lesbian vagina .avi.exe
C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\horse several models sweet .avi.exe
C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\canadian animal hot (!) traffic .zip.exe
C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\brasilian xxx [milf] gorgeoushorny (Britney).rar.exe
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black beast uncut boots .avi.exe
C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\british beast hidden (Kathrin,Britney).mpeg.exe
C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\malaysia fucking gang bang big sweet (Sonja,Britney).mpg.exe
C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\german cum handjob several models .rar.exe
C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\italian horse several models (Ashley,Liz).avi.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore [free] 40+ .zip.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\xxx trambling [bangbus] .mpeg.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\fucking full movie castration .mpeg.exe
C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\chinese porn public beautyfull .mpg.exe
C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\swedish beastiality bukkake full movie ash .rar.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\chinese cum big legs wifey .rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\asian handjob masturbation beautyfull (Gina,Melissa).mpeg.exe
C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\malaysia animal gang bang [milf] legs upskirt (Janette).mpg.exe
C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\black hardcore lesbian girls mistress .mpeg.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\german beast big latex .mpeg.exe
C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\swedish fucking horse lesbian hole traffic .avi.exe
C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\horse fucking public (Anniston).mpeg.exe
C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\cumshot cum full movie (Tatjana,Karin).zip.exe
C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\japanese cumshot [free] glans shoes .mpg.exe
C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\lesbian [free] boobs ejaculation .rar.exe
C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\nude [free] hairy .rar.exe
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese trambling cum big lady (Jade,Anniston).avi.exe
Apart from C:\Windows\mssrv.exe (the Run key target), every dropped file carries a media or archive name (.mpg, .mpeg, .avi, .rar, .zip) with a trailing .exe, placed in directories whose names contain "shared", "Templates", "Temp", "Download" or similar, which is the lure pattern of a file-sharing worm rather than of a downloader.
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
All 64 entries name 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe; by PID: 2972 (22 entries), 1752 (21 entries), 2272 (21 entries).
Suspicious use of WriteProcessMemory (8 IoCs)
PID 2972 wrote to memory of PID 1752 (4 entries, procid_target 28), process 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe
PID 1752 wrote to memory of PID 2272 (4 entries, procid_target 29), process 3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe
Both targets are the sample's own child processes from the process tree below; no write into a third-party process is recorded. The procid_target values (28, 29) are the report's internal process indices, not Windows PIDs.
Processes
Image C:\Users\Admin\AppData\Local\Temp\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe, command line "C:\Users\Admin\AppData\Local\Temp\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe" (depth 1, PID 2972)
    - Adds Run key to start application
    - Enumerates connected drives
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    Image C:\Users\Admin\AppData\Local\Temp\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe, command line "C:\Users\Admin\AppData\Local\Temp\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe" (depth 2, PID 1752, child of 2972)
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of WriteProcessMemory
        Image C:\Users\Admin\AppData\Local\Temp\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe, command line "C:\Users\Admin\AppData\Local\Temp\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe" (depth 3, PID 2272, child of 1752)
            - Suspicious behavior: EnumeratesProcesses
All three processes run the same image from the user's Temp directory with no extra arguments; the file drops, drive sweep and Run key are attributed to the first instance (PID 2972) only.
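The checks below are an added example written for this page; they are not tria.ge output and not code from the sample. They turn the four behaviours above (double-extension lure files dropped into system and shared directories, a Run-key value written by a process from the user's Temp folder, a sweep of drive roots, and a process re-executing its own image) into detection logic and run it over a constructed, Sysmon-style event stream. The paths, the Run value and the PIDs 2972/1752/2272 are copied from the report; the event dict layout, the parent PID 1000 of the first process, the two benign events and the drive-count threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Indicators copied from the report above.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\3f3108d39e71c140d4ae3eecec7ab92807ae47b8a8b17763557234372185943e.exe")
RUN_VALUE_DATA = r"C:\Windows\mssrv.exe"

# Dropped copies carry a media or archive name with a trailing .exe; these five
# extension pairs are the ones that occur in the report's file-creation IoCs.
LURE_NAME_RE = re.compile(r"\.(?:mpg|mpeg|avi|rar|zip)\.exe$", re.IGNORECASE)
# A value written directly under a Run key, in the native or the Wow6432Node view.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
# Drive-root opens in the form the sandbox records them: \??\E:
DRIVE_ROOT_RE = re.compile(r"^\\\?\?\\([A-Z]):$", re.IGNORECASE)
DRIVE_ENUM_THRESHOLD = 5  # assumption: this many distinct roots from one PID is enumeration


def is_lure_name(path):
    """True for <name>.<media|archive>.exe double-extension file names."""
    return LURE_NAME_RE.search(path) is not None


def run_key_write(ev):
    """(value_name, data) for a RegistryValueSet event under a Run key, else None."""
    if ev["type"] != "RegistryValueSet":
        return None
    m = RUN_KEY_RE.search(ev["target"])
    return (m.group(1), ev["data"]) if m else None


def self_spawn_chains(events):
    """(parent_pid, child_pid) pairs where a process re-executes its own image."""
    image_by_pid = {}
    chains = []
    for ev in events:
        if ev["type"] != "ProcessCreate":
            continue
        image_by_pid[ev["pid"]] = ev["image"]
        parent_image = image_by_pid.get(ev["ppid"])
        if parent_image is not None and parent_image.lower() == ev["image"].lower():
            chains.append((ev["ppid"], ev["pid"]))
    return chains


def detect(events):
    """Run the four checks over an event stream and return the findings."""
    findings = {"lure_files": [], "run_keys": [], "drive_enum": {}, "self_spawn": []}
    roots = defaultdict(set)  # pid -> set of drive letters whose root it opened
    for ev in events:
        if ev["type"] == "FileCreate" and is_lure_name(ev["target"]):
            findings["lure_files"].append((ev["pid"], ev["target"]))
        hit = run_key_write(ev)
        if hit is not None:
            findings["run_keys"].append((ev["pid"],) + hit)
        if ev["type"] == "FileOpen":
            m = DRIVE_ROOT_RE.match(ev["target"])
            if m:
                roots[ev["pid"]].add(m.group(1).upper())
    findings["drive_enum"] = {pid: len(r) for pid, r in roots.items()
                              if len(r) >= DRIVE_ENUM_THRESHOLD}
    findings["self_spawn"] = self_spawn_chains(events)
    return findings


# Constructed event stream (simplified Sysmon-style fields). Paths, the registry
# value and the PIDs 2972/1752/2272 come from the report; the parent PID 1000 and
# the two benign events are invented for contrast.
EVENTS = [
    {"type": "ProcessCreate", "pid": 2972, "ppid": 1000, "image": SAMPLE_IMAGE},
    {"type": "FileOpen", "pid": 2972, "target": r"\??\E:"},
    {"type": "FileOpen", "pid": 2972, "target": r"\??\Q:"},
    {"type": "FileOpen", "pid": 2972, "target": r"\??\V:"},
    {"type": "FileOpen", "pid": 2972, "target": r"\??\Z:"},
    {"type": "FileOpen", "pid": 2972, "target": r"\??\I:"},
    {"type": "FileOpen", "pid": 2972, "target": r"\??\R:"},
    {"type": "FileCreate", "pid": 2972, "target": RUN_VALUE_DATA},
    {"type": "RegistryValueSet", "pid": 2972,
     "target": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32",
     "data": RUN_VALUE_DATA},
    {"type": "FileCreate", "pid": 2972,
     "target": r"C:\Windows\System32\DriverStore\Temp\animal public .mpeg.exe"},
    {"type": "FileCreate", "pid": 2972,
     "target": r"C:\Program Files\Windows Sidebar\Shared Gadgets\kicking beast catfight .zip.exe"},
    {"type": "FileCreate", "pid": 2972,
     "target": r"C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35"
               r"_6.1.7600.16385_none_3d98a610fed70b75\action uncut .mpeg.exe"},
    {"type": "FileCreate", "pid": 2972, "target": r"C:\Users\Admin\Documents\holiday.zip"},  # benign
    {"type": "ProcessCreate", "pid": 1752, "ppid": 2972, "image": SAMPLE_IMAGE},
    {"type": "ProcessCreate", "pid": 2272, "ppid": 1752, "image": SAMPLE_IMAGE},
    {"type": "RegistryValueSet", "pid": 2272,
     "target": r"HKCU\Software\ExampleVendor\Theme", "data": "dark"},  # benign
]

if __name__ == "__main__":
    for key, value in detect(EVENTS).items():
        print(key, value)
```

The Run-key check deliberately matches both the native key and the Wow6432Node view, so the same rule fires whether the writer is a 32-bit or a 64-bit process; the lure-name check is limited to the five extension pairs seen in this report and should be widened if other media or document extensions show up in your own telemetry.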
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1.1MB
MD5: 35cdec4e3dccfeb0a723a2319b786eba
SHA1: 0956c7498bb5b603fa053ff8d7b3c567446317da
SHA256: b473bfbb48f4ec5c88fad3994bc3fc97beaa88c59b148c9757d40a21dcaf0fd9
SHA512: 4cec0e0ccda5bf3bd20c0b64ec42c4a98e4fe315e6eaffb5a9303087956dfd6d4de8cc0b584f52db351070f8bd395219b6fa11296ae50a0ee605a7d47f2318ff
This 1.1MB artifact is distinct from the 1.9MB submitted sample (different size and hashes); the report does not state which dropped path it corresponds to, so match it by hash rather than by name.