513be2fa1186d385753fb7132ff2b786bf7cc8651b7d8c12dc242e3857eee143

Analysis

max time kernel
21s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DoomRat.exe_spiggma.exe
Size

12.1MB
MD5

9b13e58ef5dcfa319ff36e8dc040c248
SHA1

d97589619b4ba09b458888db1e93d08ff9a4d2e4
SHA256

513be2fa1186d385753fb7132ff2b786bf7cc8651b7d8c12dc242e3857eee143
SHA512

3a60282fdba5c70e0825c81b705c3d13721241605165ae28bd4fa59bdbbe2d6e4c666ce5d1a4475fc764d355eca9a6af607180bc46c7a7b938cf514e6944c9a0
SSDEEP

393216:4GV2CSQhZ2YsHFUK2Jn1+TtIiFQS2NXNsI8VbTToP:HYQZ2YwUlJn1QtIm28IKzo

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2308	DoomRat.exe_spiggma.exe
2308	DoomRat.exe_spiggma.exe
2308	DoomRat.exe_spiggma.exe
2308	DoomRat.exe_spiggma.exe
2308	DoomRat.exe_spiggma.exe
2308	DoomRat.exe_spiggma.exe
2308	DoomRat.exe_spiggma.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2308	2096	DoomRat.exe_spiggma.exe	31
PID 2096 wrote to memory of 2308	2096	DoomRat.exe_spiggma.exe	31
PID 2096 wrote to memory of 2308	2096	DoomRat.exe_spiggma.exe	31

C:\Users\Admin\AppData\Local\Temp\DoomRat.exe_spiggma.exe
"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe_spiggma.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\DoomRat.exe_spiggma.exe
  "C:\Users\Admin\AppData\Local\Temp\DoomRat.exe_spiggma.exe"
  2⤵
  - Loads dropped DLL
  PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20962\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20962\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20962\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20962\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20962\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20962\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20962\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads