c68beb1d7340185b43dea218e90697e9272b72edd0bc11086a895cfecf8a2578

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
Size

416KB
MD5

c41a6afa1a4d0f6478be00f1d3e0fa10
SHA1

e1d09668a8c560df8c7466028165875f9d061bfd
SHA256

c68beb1d7340185b43dea218e90697e9272b72edd0bc11086a895cfecf8a2578
SHA512

e121af722ec039bc9bf5802a5ccbb14aec4b2211b8ca9d3d61a09c9ce32572376d46df7726fe26a96b6e6c7be0edf637d9db6572f171b5ad787ff0d0b19279dc
SSDEEP

3072:LmVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLhnEaWE:SM7jJljxYTHYZM1v5yE

Score

7^/10

discovery persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2488-3-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/files/0x0007000000018f84-6.dat	upx
behavioral1/memory/2488-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\teen hottie geting buttfucked.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\Jenna Jameson Nude Gang Bang Forced Cum Blowjob.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\sweet teen lesbians licking snatch.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\Yahoo mail cracker.exe	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\little brown cup-cake with plump boobs and sweet beaver.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\horny asian warming her finger in her gash.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\ass cute honie taking off jeans.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\two interracial lesbians licking each other.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\dude getting off in lover's mouth at party.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\gorgious babe who quit school to model pretty pink.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\blonde on couch gettin tight anal fucking.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\hot actress heather graham naked.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\nurse in pink showing her healthy bone slot.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\cute young tart on a lucky dudes cum shooter.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\jessica shows us her fat fisting.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\hardcored blonde mature.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\GTA 3 Crack.exe	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\two teenie boppers learning to eat pussy.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\crazy old man playing young teen.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\lesbian sex and strapon dildo games.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\senior blonde fucking and suckin like a teen.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\sylvia lauren showing her assets.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File created	C:\Windows\SysWOW64\macromd\cum hungry teen in action.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
File opened for modification	C:\Windows\SysWOW64\macromd\cute blonde cheerleader dancing.mpg.pif	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c41a6afa1a4d0f6478be00f1d3e0fa10N.exe

C:\Users\Admin\AppData\Local\Temp\c41a6afa1a4d0f6478be00f1d3e0fa10N.exe
"C:\Users\Admin\AppData\Local\Temp\c41a6afa1a4d0f6478be00f1d3e0fa10N.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Norton antivirus 2002.exe

Filesize
86KB

MD5
563cbbd2dbbb5800840632ed4d21c6a9

SHA1
0f766d38ac77c0087b6fcf31a5395d22fa8ec2c4

SHA256
f66efff4304c7ccae192e639fff8cb57df6befc9495aecebb8eb774515785b5c

SHA512
1337b3f350fb75bfaa50aed6daf80d2d5c6fe380e8ed1e42dace88bbed1a488344d0f75729f0d3fda40a6f64a3bd8f5abbaf3bf4dce93e39f02a749a99bb09e3

Download Submit
memory/2488-3-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2488-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads