bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456a

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
Size

164KB
MD5

5090c9d2479523c8dbd91b5115305ef0
SHA1

f5bdf73c020a87d01897b3d8e331ad724c928def
SHA256

bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456a
SHA512

45723235fd1a2639bd1615d59c4cda3c7baca1bad17a7ad29e2cb3ddd12a7d83fa9e673d468d52b4b65669f2e9a8a6ae2383c415984c4ecb127a3d09e77f1696
SSDEEP

3072:jmVW8iTX/3RfldjjXq1+0cxxsWEL02fXcIp08MoePBYgMcnH5VckgZ:aM7jJlRexYTHYZMPBFfcp

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\little dicks on gay male tricks.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\Teen Violent Forced Gangbang.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\14 year old on beach.mpg.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\black dude gettin it with two white hoes.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\hot babes having too much fun at nude beach party.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\sexy hot looking horny ebony teens.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\cute young tart on a lucky dudes cum shooter.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\Hotmail Hacker.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\leggy babe posing in pink panties.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\fine babe spreading sweet ass and luscious cunt.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\two teen lesbians with dildo having fun.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\redhead getting a group facial at a wild party.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\showing some hot girls share cock.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\pigtail black babe with pretty boy.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\asian getting a taste of pork.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\beautiful babes extending love and compassion.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\15 year old webcam.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\babe celebrating new years naked and spreading cunt.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\blonde doing dildo outdoors.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\horny asian warming her finger in her gash.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\blowjob girl getting a sloppy facial.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\chicks eating hot meaty pussy.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\Britney spears nude.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\blonde with titts and cunt sending chills thru cock.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\young teen slut with a huge cock in her mouth.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
File created	C:\Windows\SysWOW64\macromd\teen bisexual mmf threesome.mpg.pif	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe

C:\Users\Admin\AppData\Local\Temp\bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe
"C:\Users\Admin\AppData\Local\Temp\bca3d46da26e029e76fc963ba453611a98d06eec67b2ae310e67b1b14cd6456aN.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\XXX Porn Passwords.exe

Filesize
71KB

MD5
4905ee89f6f227908da00c010b3a5109

SHA1
7fd52617c7c73ed0028f40df6386cd1b27f9e845

SHA256
3144f8b13e1e54f3e513e90912b9942f65c1dd77f10d3f84f491b980bb1b91fe

SHA512
47958a548f219b04d028bbcd56d8f5dee87b9c8e917e7dbfd14b1ab0851956e48ba3d26f6dd57c92500a403af2db49ab945862d68df9ddd58ca7729d10e27220

Download Submit
memory/3064-33-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads