Overview
overview
10Static
static
7Mydoom/00b...f7.exe
windows11-21h2-x64
1Mydoom/055...81.exe
windows11-21h2-x64
Mydoom/0b7...c5.exe
windows11-21h2-x64
8Mydoom/0d5...64.exe
windows11-21h2-x64
10Mydoom/176...9c.exe
windows11-21h2-x64
7Mydoom/1fe...81.exe
windows11-21h2-x64
7Mydoom/233...98.exe
windows11-21h2-x64
7Mydoom/252...03.exe
windows11-21h2-x64
7Mydoom/2af...b2.exe
windows11-21h2-x64
7Mydoom/3d9...64.exe
windows11-21h2-x64
7Mydoom/3db...e5.exe
windows11-21h2-x64
7Mydoom/493...dc.exe
windows11-21h2-x64
7Mydoom/4d6...08.exe
windows11-21h2-x64
7Mydoom/564...2a.exe
windows11-21h2-x64
7Mydoom/6c3...4c.exe
windows11-21h2-x64
7Mydoom/6c3...c3.exe
windows11-21h2-x64
7Mydoom/771...20.exe
windows11-21h2-x64
7Mydoom/7bc...61.exe
windows11-21h2-x64
7Mydoom/8e9...88.exe
windows11-21h2-x64
7Mydoom/9a7...60.exe
windows11-21h2-x64
7Mydoom/9e0...f3.exe
windows11-21h2-x64
7Mydoom/Myd...06.exe
windows11-21h2-x64
10Mydoom/Myd...5c.exe
windows11-21h2-x64
6Mydoom/Myd...fc.exe
windows11-21h2-x64
10Mydoom/Myd...59.exe
windows11-21h2-x64
1Mydoom/Myd...64.exe
windows11-21h2-x64
7Mydoom/Myd...76.exe
windows11-21h2-x64
10Mydoom/a9a...0f.exe
windows11-21h2-x64
7Mydoom/b4a...95.exe
windows11-21h2-x64
7Mydoom/c03...ef.exe
windows11-21h2-x64
8Mydoom/c45...24.exe
windows11-21h2-x64
7Mydoom/d42...06.exe
windows11-21h2-x64
7Analysis
-
max time kernel
29s -
max time network
31s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
10/06/2024, 17:27
Behavioral task
behavioral1
Sample
Mydoom/00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Mydoom/05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Mydoom/0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Mydoom/0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Mydoom/1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Mydoom/1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Mydoom/23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Mydoom/2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03.exe
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Mydoom/2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Mydoom/3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Mydoom/3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Mydoom/493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Mydoom/4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Mydoom/5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Mydoom/6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Mydoom/6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Mydoom/77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
Mydoom/7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
Mydoom/8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088.exe
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
Mydoom/9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
Mydoom/9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
Mydoom/Mydoom Ransomwares/1a174a556ce8e7a22c66f515ae1591f775bb673e989d5a39334f901edccf5406.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
Mydoom/Mydoom Ransomwares/1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
Mydoom/Mydoom Ransomwares/5458f18e36de21d20b713f7acd8575fc8a86330c466e1b9dc6f41bc81f3e79fc.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Mydoom/Mydoom Ransomwares/84ee7e5c055fd25204ca4969940292b03da9d45b5048cbb7f7ba8528b88a2859.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Mydoom/Mydoom Ransomwares/cc3b570fa8f87354f06a20d8873c45087684c217f1b434b3b0048acd96fe3e64.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Mydoom/Mydoom Ransomwares/dd286a4d79d0f4c2b906073c7f46680252ca09c1c39b0dc12c92097c56662876.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Mydoom/a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Mydoom/b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
Mydoom/c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
Mydoom/c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
Mydoom/d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806.exe
Resource
win11-20240426-en
windows11-21h2-x64
General
-
Target
Mydoom/3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe
-
Size
41KB
-
MD5
3e67d212278e1af5be913d236399fcf6
-
SHA1
f993125ed4af1de6a551a6e0843a6d124cd46f27
-
SHA256
3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464
-
SHA512
f7e6394c9f9fdd6a03c72aaece5b4911cb821680a632f94b622b12d94cff9873d93b2c6604016524bdab4dd6e4b70b532c440f6b296138677be19e078ad23ec7
-
SSDEEP
768:/eMc5VwWt1jDkbXdnTOyQxHFO+IxX2P5LIbbcPYir2lAqcdF0i09sy:/q5VwWDjDkdTRqHFOn8tIbbeYiuZIFSl
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral10/files/0x000500000002a961-10.dat acprotect -
Executes dropped EXE 2 IoCs
pid Process 3808 ctfmen.exe 4092 smnss.exe -
Loads dropped DLL 2 IoCs
pid Process 1296 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe 4092 smnss.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe" smnss.exe -
Maps connected drives based on registry 3 TTPs 6 IoCs
Disk information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum smnss.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 smnss.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 smnss.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe -
Drops file in System32 directory 12 IoCs
description ioc Process File created C:\Windows\SysWOW64\shervans.dll 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File created C:\Windows\SysWOW64\grcopy.dll 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File opened for modification C:\Windows\SysWOW64\grcopy.dll 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File opened for modification C:\Windows\SysWOW64\shervans.dll 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File opened for modification C:\Windows\SysWOW64\satornas.dll 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File created C:\Windows\SysWOW64\zipfi.dll smnss.exe File created C:\Windows\SysWOW64\ctfmen.exe 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File opened for modification C:\Windows\SysWOW64\ctfmen.exe 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File created C:\Windows\SysWOW64\zipfiaq.dll smnss.exe File created C:\Windows\SysWOW64\smnss.exe smnss.exe File created C:\Windows\SysWOW64\smnss.exe 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe File created C:\Windows\SysWOW64\satornas.dll 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\7-Zip\Lang\eu.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt smnss.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\cy.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\de.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\ga.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\is.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\ro.txt smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\gu.txt smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\hy.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\id.txt smnss.exe File opened for modification C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt smnss.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt smnss.exe File opened for modification C:\Program Files\7-Zip\History.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\be.txt smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Content.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\bg.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\uz.txt smnss.exe File opened for modification C:\Program Files\Microsoft Office\FileSystemMetadata.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml smnss.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt smnss.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml smnss.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\hi.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\it.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\lij.txt smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\mk.txt smnss.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\gl.txt smnss.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml smnss.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml smnss.exe File opened for modification C:\Program Files\7-Zip\Lang\th.txt smnss.exe -
Modifies registry class 6 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll" smnss.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4092 smnss.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1296 wrote to memory of 3808 1296 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe 77 PID 1296 wrote to memory of 3808 1296 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe 77 PID 1296 wrote to memory of 3808 1296 3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe 77 PID 3808 wrote to memory of 4092 3808 ctfmen.exe 78 PID 3808 wrote to memory of 4092 3808 ctfmen.exe 78 PID 3808 wrote to memory of 4092 3808 ctfmen.exe 78
Processes
-
C:\Users\Admin\AppData\Local\Temp\Mydoom\3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe"C:\Users\Admin\AppData\Local\Temp\Mydoom\3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1296 -
C:\Windows\SysWOW64\ctfmen.exectfmen.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3808 -
C:\Windows\SysWOW64\smnss.exeC:\Windows\system32\smnss.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4092
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD558e287b04e88c601b064ca8ac422fe97
SHA167c07888ace004acdd8a4b63c20fda2ef21525dc
SHA256cc5256fe4f97a0c5b46632a1e3dc8df8c0f8767926136e6a36d1b4b8206af0f0
SHA51266dbc37f376b9a98b3e969eb03b994e05fb269720305225ab822c26003ada028cd7fc5e6e865bbbd8cde24d87d03638c331a2202f30c9a7a929f3b3f874f4b8b
-
Filesize
41KB
MD5c6d5efae8042a4364f84e9559e0268cd
SHA176fdb4dd52f2627bd9de30da9475a0f4e741ce5b
SHA2565dcda2a76a2ec2928605efc21be5b6b3ccbc2a34397256022b454ef49af92ad3
SHA512bcf3447ffc5cadec204ca32f9d56c44435009c5d1ffc0042c1fb91ba6b14e2c85bbbde4b0a2da80dc6908327149e4f41c56027c3e3d5dcb4775c48934602b242
-
Filesize
183B
MD532272cac7eb27aa343a534659b139871
SHA1a3a3cf772c898147122a42faca803d46bd8c8ae3
SHA256b4fbcc778a843b95e4cad57edfb8a80bc821edf108aa3bfd3139f4f1704b4f2b
SHA512e24389dd6e08c1ff15233fe827464a3b406b8f249f59a3dd87f5b9c1cf7e1835ac2dd743327fa3b9fa3598a44a45dbc5b75541cbec5fe965f2aad557d22fe65c
-
Filesize
8KB
MD509b1b148683bff62a592fa7e80516394
SHA1d2c002ab2f3a9b72f3f21ad47c1fb9b1c06db5e3
SHA25688f200100cbf70c9006b9a779bdf31aeb0c5a32b724068ae41e3c7eff249f41f
SHA51257fb78c01dc8905d4ec0c8f31fc7530139f8a91f279c9ebbcfad3803d50a1b4176c9e33111847707c39cb5efbf8a0a103693d3e68893d5c5e91951ce26f5aaa9