64dbef2a82943ec8cf9ad97177cafe53808586e7a3b39984a1bfd9f5c9b76ea5

Resubmissions

23/10/2024, 16:32

241023-t17s1szejg 7

10/10/2024, 17:44

241010-wbglmstdnr 10

Analysis

max time kernel
1439s
max time network
1447s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23/10/2024, 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DoomRatBuilder.exe
Size

13.1MB
MD5

5a25fdddbf9c2a2108d6c70478da999f
SHA1

d9c9aad0605a76a443ec1e13fcfdbf2f67e667a4
SHA256

64dbef2a82943ec8cf9ad97177cafe53808586e7a3b39984a1bfd9f5c9b76ea5
SHA512

47a8b80758dcec95671dfd72e41fccb78f9ed04f17f7c7a5089d3237f7094d5029bc10b853da97d6c2e8b5de8bcba09618821e2a4d5d2ae15b6b8e9e6eebe191
SSDEEP

393216:7GV21SQhZ2YsHFUK2Jn1+TtIiFQS2NXNsIX3WabTToj:OFQZ2YwUlJn1QtIm28Inpzo

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
2792	DoomRatBuilder.exe
2792	DoomRatBuilder.exe
2792	DoomRatBuilder.exe
2792	DoomRatBuilder.exe
2792	DoomRatBuilder.exe
2792	DoomRatBuilder.exe
2792	DoomRatBuilder.exe
960	DoomRatBuilder.exe
960	DoomRatBuilder.exe
960	DoomRatBuilder.exe
960	DoomRatBuilder.exe
960	DoomRatBuilder.exe
960	DoomRatBuilder.exe
960	DoomRatBuilder.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2276	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2276	AUDIODG.EXE
Token: 33	2276	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2276	AUDIODG.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2792	2108	DoomRatBuilder.exe	31
PID 2108 wrote to memory of 2792	2108	DoomRatBuilder.exe	31
PID 2108 wrote to memory of 2792	2108	DoomRatBuilder.exe	31
PID 296 wrote to memory of 960	296	DoomRatBuilder.exe	38
PID 296 wrote to memory of 960	296	DoomRatBuilder.exe	38
PID 296 wrote to memory of 960	296	DoomRatBuilder.exe	38

C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe
"C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe
  "C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe"
  2⤵
  - Loads dropped DLL
  PID:2792

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2276

C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe
"C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:296
- C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe
  "C:\Users\Admin\AppData\Local\Temp\DoomRatBuilder.exe"
  2⤵
  - Loads dropped DLL
  PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21082\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads