Overview

overview

10

Static

static

5

b9bf370e4f...90.exe

windows7-x64

10

b9bf370e4f...90.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9bf370e4f86cdd24ef7a804af09fa2301395f93a910872f016d52aa83d89e90.exe

  • Size

    29KB

  • MD5

    5347530b5c88849af501a10e33b88a50

  • SHA1

    1022adf7c7cecdc484113cd2c30f0cb396ae7769

  • SHA256

    b9bf370e4f86cdd24ef7a804af09fa2301395f93a910872f016d52aa83d89e90

  • SHA512

    1cb5d184587eef63c5fb96b67398fc4c4dd605eb5f218ae81c9092a722d02dc27fc37be3f1fb17841439635a108f594e4440c226aaf0fa28075b1b5ad257fef7

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/U:AEwVs+0jNDY1qi/qM

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 2 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9bf370e4f86cdd24ef7a804af09fa2301395f93a910872f016d52aa83d89e90.exe
    "C:\Users\Admin\AppData\Local\Temp\b9bf370e4f86cdd24ef7a804af09fa2301395f93a910872f016d52aa83d89e90.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpAA17.tmp
    Filesize

    29KB

    MD5

    c1ee105fc6683df37f644fa8c38d2bf1

    SHA1

    8158f838785ce71311c9efaa5eff65e2065814af

    SHA256

    d0c7959e017625647d9c32961d89b8ade8a6a77d6d86e662650a9cf6d4b2372b

    SHA512

    439916d25fe61e35ac7a8b909f2c92240c7174d7c71e3f9318e4a2da87485643e97b4c5bf12856e0ade066dabdbefcb6d17c5437db58598bac2fc04cd9552ad4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    0c2a63f7757791af005ef50815ce98de

    SHA1

    12f8937db241ca9d870bc4a258f48e4cb414ef9b

    SHA256

    7a5a68e716e92ef714ac81a55c5b530706e51d3272dd43e29d3ce694d906968b

    SHA512

    eeb30a89310f0e92fb26bcf21b6f5c3c0cfa6a5c1d41075e6844b78a5dd2088efb40bc62d0998ddc2579a3d4e8a23cbf3bf3a5758feb6f289a8a8b8da8dc0486

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/2196-53-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-43-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-41-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-60-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-48-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-55-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2668-54-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2668-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2668-16-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2668-15-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2668-3-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download