528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08bab

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
04/02/2025, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
Size

1.8MB
MD5

d5286bcb69ae114d57f8101160778cf0
SHA1

54bf22d16959b65b609848783930f18a7aa1b36a
SHA256

528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08bab
SHA512

ef727277090ebdd09ea3adbcd321b811341275a769ea8f5661feb0c8a0733af45a80785095ab6b762212f97bd441bc79401da77fd65b1e9b3c24ac4965f785dd
SSDEEP

768:tms+cAXJpB2TgpZnjJHet/OxJ+oFEZEdq:tNrAX5NjJHP+oFE2dq

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Intelx386\Lolita Pack 20 Pics.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\a pelo.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Silent Hill.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\GameCube Emulator.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Puta come mierda.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Hentai.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\ContaWin 2000 (full version).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\3D Studio R8 (It's Work!!).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\mugen (full).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Chenoa en cueros.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\RM2GBA.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\WAV2MP3.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Pedofilia pack 37 pics.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\WinRar v6.11 (with crack).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\German extreme violation.mpg.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\WinRar 4 (with crack).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Fuck my fat ass.avi.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Pack sex very hot nude young girl porn erotic private pussy rape clitoris suck chicas fotos culos tetas coños mamadas corridas sister hermana amigas friends lesbianas mujeres desnudas putas guarras hentai.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\WinAce 3.85 (with Serial).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Download Accelerator Plus (DAP) (full version with serial).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Solo para Maricas.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\MSN messenger 6.3.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Mazinkaiser pack fondos de escritorio.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Capitulos ineditos de DragonBall Z jamas emitidos.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Visual C.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Shinchan screen saver.scr	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\WinAmp skings and plugins.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\RealOne Player (Full version).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\WinZip 9.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\3D Movie Maker.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\GBAEmu.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Dont Touch.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Winamp 3 (full version).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\BsPlayer v3.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Simpsons pack guiones (Temporada 2004).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Pack Photoshop CS 8 plugins.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\PSEmu.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Resident Evil for GameCube.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\FlashGet Max acceleration (Experimental).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Winamp 3.5 (full version).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Update Photoshop 7.0 to Photoshop 9.16 (It´s Work!).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Hacha Profesional Edition.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Pack 50 Juegos PS2.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Pack 25 Juegos GameCube.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Visual Studio (full).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Sexo con una menor.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Dont Download.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Matrix Wallpapers.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Winamp 5.0 (full version).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Juegos JAVA para NOKIA.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\VMIntel386.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\No lo Descargues.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Terminator 3 Wallpapers.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Hentai Evangelion Poker.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Mazinkaiser comics pack.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Follada brutal coño roto.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Nero 7.5.1.0 (cracked!).exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\DivX 7.2 freeware.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Hentai Shizuka clit.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Visual Basic 6.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\humor.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\VirtualDub 2.1.4.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
File created	C:\Windows\Intelx386\Pack Tonos y Logos para Nokia.exe	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2836	2324	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2836	2324	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe	30
PID 2324 wrote to memory of 2836	2324	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe	30
PID 2324 wrote to memory of 2836	2324	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe	30
PID 2324 wrote to memory of 2836	2324	528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe	30

C:\Users\Admin\AppData\Local\Temp\528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe
"C:\Users\Admin\AppData\Local\Temp\528d61e8d0ca7cee796b6bb999eec10b61b8191d8c05aee2ecfc6946e6f08babN.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 88
  2⤵
  - Program crash
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe

Filesize
3.6MB

MD5
d9f2b6296164b58ee0939865bed83cc8

SHA1
6181f9a8b3ff23e733903d1cce334e34ac5959e9

SHA256
fa820b4725e5538ae38c78fb5dd310b621e7665fe72e50e33dc92da1c7141623

SHA512
9130cd504ccb4e6b7b95096dfb88135e3751c1436fa556d0d238283be5b0403be581fc78c2d4731915d490f818154331fc4a064859646d2ccc2fe196e7366162

Download Submit