Analysis
- max time kernel: 93s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/11/2024, 08:23
Behavioral task: behavioral1
- Sample: b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe
- Resource: win10v2004-20241007-en
General
- Target: b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe
- Size: 74KB
- MD5: 95a3cf12e2f420b9a1c1b4389b59ab3e
- SHA1: 015e7e784a9dab8a47ea4d663f2d47ce66e69805
- SHA256: b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2
- SHA512: 30decd379970ff1405b7e7fc011b2aed3a26582d83a59d770a909116df7b84d4ff1a08557280063e03d8276aa952ccd42136c08e42585f9d1a0112c23b1c6a9e
- SSDEEP: 1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSM8sug6hDW2PMg:5JjcF8KfCOcjk+guPVjSM8s1Z2PMg
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"
  Process: b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe
- Drops file in System32 directory (33 IoCs)
- resource / yara_rule
  behavioral2/memory/1112-0-0x0000000000400000-0x0000000000467000-memory.dmp: upx
  behavioral2/files/0x0007000000023ca6-6.dat: upx
  behavioral2/memory/1112-34-0x0000000000400000-0x0000000000467000-memory.dmp: upx
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\b904ae346e3e732e2907322b35fdc731d617ee4d12f9696ec77154ae730e71f2.exe"
  PID: 1112
  - Adds Run key to start application
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 70KB
  MD5: e047a74483968d5ace5797a4dc02684a
  SHA1: 478029ba9dc1ce5da00360241882235cf87021ba
  SHA256: c2ba8bcec18ec15f0abbdd92f70d48f421774635f55133609873f31a53c6257c
  SHA512: b8ac145e56e0394cf0ae75dec40f18e4641dae64a289a9e02143996d9c07011e0fc7010ab5707ec58bae4a9419bdd9892d090a1c2e43fec2c4a1cbaa3f84f6b9