Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

db2eac6c05...7N.exe

windows7-x64

10

db2eac6c05...7N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2024, 18:26 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe

  • Size

    29KB

  • MD5

    fbd5abde40d4e8a6af8a7dd353c80560

  • SHA1

    5a17966fd0b869aab0a4bbcfddd43f787e31ea19

  • SHA256

    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7

  • SHA512

    e2288693de86fbcb39998468266c2e4b8c64560343bb425341f0ad949efc251d0014dfce3ddf5737c563b54374109c093edaf5e20aab903167445f1c0073d40e

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/0:AEwVs+0jNDY1qi/qM

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 8 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    "C:\Users\Admin\AppData\Local\Temp\db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:1032

Network

  • flag-us
    DNS
    alumni.caltech.edu
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edumail protectionoutlookcom
  • flag-us
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.9.2
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.194.4
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.16
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.8.32
  • flag-us
    DNS
    gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • flag-us
    DNS
    gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    alumni.caltech.edu
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    204.13.239.180
  • flag-us
    DNS
    mx.alumni.caltech.edu
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    mx.gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.gzip.org
    IN A
    Response
  • flag-us
    DNS
    mail.alumni.caltech.edu
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    smtp.alumni.caltech.edu
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    mail.gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.gzip.org
    IN A
    Response
    mail.gzip.org
    IN CNAME
    gzip.org
    gzip.org
    IN A
    85.187.148.2
  • 10.156.133.4:1034
    services.exe
    152 B
     3
  • 10.222.21.129:1034
    services.exe
    152 B
     3
  • 192.168.56.182:1034
    services.exe
    152 B
     3
  • 10.227.85.66:1034
    services.exe
    152 B
     3
  • 192.168.2.107:1034
    services.exe
    152 B
     3
  • 52.101.9.2:25
    alumni-caltech-edu.mail.protection.outlook.com
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    152 B
     3
  • 10.37.232.110:1034
    services.exe
    152 B
     3
  • 204.13.239.180:25
    alumni.caltech.edu
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    152 B
     3
  • 192.168.2.108:1034
    services.exe
    152 B
     3
  • 85.187.148.2:25
    mail.gzip.org
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    152 B
     3
  • 192.168.2.13:1034
    services.exe
    52 B
     1
  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    64 B
     126 B
     1
    1

    DNS Request

    alumni.caltech.edu

  • 8.8.8.8:53
    alumni-caltech-edu.mail.protection.outlook.com
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    92 B
     156 B
     1
    1

    DNS Request

    alumni-caltech-edu.mail.protection.outlook.com

    DNS Response

    52.101.9.2
    52.101.194.4
    52.101.42.16
    52.101.8.32

  • 8.8.8.8:53
    gzip.org
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

  • 8.8.8.8:53
    gzip.org
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

    DNS Response

    85.187.148.2

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    64 B
     80 B
     1
    1

    DNS Request

    alumni.caltech.edu

    DNS Response

    204.13.239.180

  • 8.8.8.8:53
    mx.alumni.caltech.edu
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    67 B
     145 B
     1
    1

    DNS Request

    mx.alumni.caltech.edu

  • 8.8.8.8:53
    mx.gzip.org
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    57 B
     124 B
     1
    1

    DNS Request

    mx.gzip.org

  • 8.8.8.8:53
    mail.alumni.caltech.edu
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    69 B
     147 B
     1
    1

    DNS Request

    mail.alumni.caltech.edu

  • 8.8.8.8:53
    smtp.alumni.caltech.edu
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    69 B
     147 B
     1
    1

    DNS Request

    smtp.alumni.caltech.edu

  • 8.8.8.8:53
    mail.gzip.org
    dns
    db2eac6c057580cb31d39dd7982a99fa4a21e1aa464196bdc7129b2f52e53db7N.exe
    59 B
     89 B
     1
    1

    DNS Request

    mail.gzip.org

    DNS Response

    85.187.148.2

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpF643.tmp
    Filesize

    29KB

    MD5

    3948f367caa29cc0f753f3c5de792455

    SHA1

    b0858aa4b0372c862b0ff8f2259411b6cdef4c1f

    SHA256

    c6b36dfce1bd39a34f445253162808eb6d2226d320ff1133bcc68209440fb28a

    SHA512

    b0b2a0c66c847310aca043e0c78e16790591492d2ae23783e1dffa10d28df3bc89b0ac8282acf6d6051327d5deeb84ffcfde991eb8b139b91f3ebbb47b0cb53e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    352B

    MD5

    9a7d8d8b6339a4bcf8f1cbfa5ce25385

    SHA1

    fad2f15d90ee6e9288aacc70ecb37e2af0a240d4

    SHA256

    1382ba7437e7eb88137ce38a66316bf4649919cc12aaaf9d043017fd69eda6af

    SHA512

    78ccc560661da8188b4c78bea246e317abc52ae5d93a8e3ca2a0952dcc0038850ceffbdf43af2b0dd60d2a96690802a8ddc6fd511fb25fc935bcd4257777b1d6

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1032-72-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-53-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-41-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-43-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-88-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-48-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-83-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-81-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1032-76-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2384-3-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2384-71-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-2-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-75-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-15-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-80-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2384-52-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-87-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-47-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.