5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0

Analysis

max time kernel
1s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-09-2024 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DoomRat.exe
Size

13.1MB
MD5

567b550c62dc82e09dd15b9c32e0c72e
SHA1

3397499e49714d4bd4fbb49525cf3df06ec7d5eb
SHA256

5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0
SHA512

5156d85a00591caa08df22f5536fc4b43099774a1d05386f4890561eaf388dedc5685c6cbe5d461da3c7fb2a7fa630291bdbb0bc56fb765cc89d1c2adfafcb35
SSDEEP

393216:bGV21SQhZ2YsHFUK2Jn1+TtIiFQS2NXNsIX3WabTToj:uFQZ2YwUlJn1QtIm28Inpzo

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1068	DoomRat.exe
1068	DoomRat.exe
1068	DoomRat.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 1068	4588	DoomRat.exe	83
PID 4588 wrote to memory of 1068	4588	DoomRat.exe	83

C:\Users\Admin\AppData\Local\Temp\DoomRat.exe
"C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Users\Admin\AppData\Local\Temp\DoomRat.exe
  "C:\Users\Admin\AppData\Local\Temp\DoomRat.exe"
  2⤵
  - Loads dropped DLL
  PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45882\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\python3.DLL

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\python312.dll

Filesize
5.4MB

MD5
11be2fa8380505b985c199423c7a571f

SHA1
c0aaa1e11d848e219d81c0a14cb0557f7a2b77c8

SHA256
24e5aa342d36e5b8a2e8daeb4bd1ee75213c2e4c5eb2a841314d85563a78416f

SHA512
0917368f7d91551c233c699bebc30c1aba67227d53cc78384b424753446967f15026a19865314580615ec1d519a9deb233f3d6bccee4c8168c1c2e6d55195f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\python312.dll

Filesize
3.0MB

MD5
52dc6b7b6231a68c20058c03adb0f8d1

SHA1
904d6e0a2549b8420caf81d9b5083330f0fdbf3c

SHA256
29f83ce326725266487ffe7d8c08ab33bf6ecb565861aa2a18b294c6b376a4b8

SHA512
e5e58e727dc5a7efae3bca388df8e8158cd2c2171acd205a770e152c1e160ee6dc6000afe3b4eba2edb7a775047e8cdc9406b0dd279bc4963e69dbe420036444

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45882\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads