Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/10/2024, 17:42

General

  • Target

    8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe

  • Size

    29KB

  • MD5

    24268a0e51c2b27e1977d137d52d2fc0

  • SHA1

    42ab9419bb16f371352e3350ee5d7d859f279c90

  • SHA256

    8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49

  • SHA512

    9e5ffc6c565d390adc5555c81d87424e5e90cdf29f6998642eab54d567559815680ef75a31fafb1ab3819a8e8506c84e256cf76bb3116e00add8c0785ed9038d

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/0OI:AEwVs+0jNDY1qi/q2

Malware Config

Signatures

  • Detects MyDoom family (8 IoCs)
  • MyDoom

    MyDoom is a worm that is written in C++.

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • UPX packed file (24 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Windows directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe
    "C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:4552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3DWZNJ32\72BLSBWB.htm

    Filesize

    153KB

    MD5

    e35eb77d62de84192138612f2504ce77

    SHA1

    3d343b9054d9c08a624c04fb4d02ddc8f3d392c9

    SHA256

    720e41c0a10b0738e63ff0cc8ad03690eaf1f63d54e88c1436bb03835094a8fc

    SHA512

    a6cdd229e8a649b2f13708ab42fa80debd70c9785e82e40609985f380a8271315a8c42c28e477a96983ca62001ecdbf13223c57e9a87b6b4ee1a7ffc445f50bb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OIPZWEW8\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OIPZWEW8\search[3].htm

    Filesize

    119KB

    MD5

    d3ca7e7a8fb8f14854c845e073bcb779

    SHA1

    53aff0da7a902d5e01b065a07f1833feb0ef4996

    SHA256

    68958d22ff1755cad5aa41cd32191e9646290b4f3831a25dee90cd4ccb371885

    SHA512

    98ae6c8fcbc21667caae0a5176ee1b399444f3c8c2b3409f40c3df2f23d5aba80ecba50cc60d2045335654b4bb4c74eb88f67e8541380812d95ce83e5508dc7c

  • C:\Users\Admin\AppData\Local\Temp\tmp24FB.tmp

    Filesize

    29KB

    MD5

    f0024fc25b30fc9751a4c8a5d1f7bb68

    SHA1

    e3aad6c61642d2b173e943a53e173f22d010802c

    SHA256

    cdd91bfec1b4095b54614891e00f8956f9d6472cf4fde13139bd0b99adecbbf6

    SHA512

    a40464ce7a4890dcaf5d4c54bb5c765aacdb33ff4d201d0c97561bdd44de7c5c768a7bb8fd8eeaf798bb81ea05ef0798b6a91cc3d3536ddb1d67f97e8001f787

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    2b96f4b1b69f1b6c5103bf6c4b477e47

    SHA1

    b7a2980380ad183b588a6168504e929dd83160b4

    SHA256

    4da54bf66567409eaab0b3323eb314880b9a0c92cbaa419ccdf9f5d95bf1ba8f

    SHA512

    5eb8cd2bcf25de8540f0f8f2a13f42f64b027129f6f74ccb6df86bd58093c6c8008bb079e8204ab470f3daf755cde5ea5e48fc9a68ab33bee1007c7e3d82ea10

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    ab6dd5478a363247d4779e93e8849c47

    SHA1

    e34a85caf20723181eb9ab407d5fc5b629026009

    SHA256

    f6932482f92b35ba5b3ff8dec2071de51924c3c3611970bf71c14c6c2e7e4c40

    SHA512

    a30d007bf6162a3d33d2f1beb53fc7f69ee81a4c5c4684997c836f4755f47f07d79d9007f6e7c67e7c115b51c6530087551bae4f64cb32f2b9eb013cdaded27e

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/3844-268-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-27-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-258-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-32-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-256-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-295-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3844-299-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/4552-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-257-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-259-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-264-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-269-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-296-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4552-300-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB