Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2024 08:23

General

  • Target

    a05674d2f64ba3c9f9e2d359b44013fe0b128a8bbc641496bbaf93dd9301da5c.exe

  • Size

    29KB

  • MD5

    696072b5525d69126b1a4c27ecdfbce7

  • SHA1

    2166e73bbfcc31f1aa8f4e28abb1a657e06b4f6d

  • SHA256

    a05674d2f64ba3c9f9e2d359b44013fe0b128a8bbc641496bbaf93dd9301da5c

  • SHA512

    965652a8f6eacade7fe5f560ae4ec151e01ad39b4dedca2477b5202bf85c8e38f4797d001d1c58f62e40f79e57449df0d26786c521b4308e5a1d7f8c1e22020c

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/T5u3H:AEwVs+0jNDY1qi/qA

Signatures

  • Detects MyDoom family (10 IoCs)
  • MyDoom

    MyDoom is a worm written in C++.

  • Mydoom family
  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • UPX packed file (29 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Windows directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a05674d2f64ba3c9f9e2d359b44013fe0b128a8bbc641496bbaf93dd9301da5c.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a05674d2f64ba3c9f9e2d359b44013fe0b128a8bbc641496bbaf93dd9301da5c.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID: 4028
    • C:\Windows\services.exe
      Command line: "C:\Windows\services.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID: 3952

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2YUS9Q6F\default[2].htm

    Filesize

    305B

    MD5

    157431349a057954f4227efc1383ecad

    SHA1

    69ccc939e6b36aa1fabb96ad999540a5ab118c48

    SHA256

    8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac

    SHA512

    6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2YUS9Q6F\default[4].htm

    Filesize

    311B

    MD5

    cb42662caffe525e9957c942617edf06

    SHA1

    615009db9a1a242579e639ee0fc7a2a765095bfe

    SHA256

    312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15

    SHA512

    3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6IJLDY7V\default[10].htm

    Filesize

    308B

    MD5

    5243568476eb2052b2f3b67dc9053e86

    SHA1

    b126aa6506772f9024b76580bdf28b45e3a7f051

    SHA256

    2d458622dc76eb87e44cc7db89309efdf50f99821145ae86864fd1b714cbaa80

    SHA512

    3c68cef4e3daa4bca6e8b3aa5a31874be1e4dec38fe9781c6fe4890980744527d0c6818eeb519f8e6b322118e1f08302d85972fa7da4ba8be9421aabf9a77833

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6IJLDY7V\default[5].htm

    Filesize

    302B

    MD5

    e3ce7b4e89668aaf9e0a6de317575af8

    SHA1

    a08cffbde120781baf281f4a7653980197283971

    SHA256

    e014684b9f80308ceb8807a3580fcf948923f3a1b8a3ea84982c664362feda1b

    SHA512

    9d7e129ea739ff87eca236ff117afaa09eb0f71bae9af9d22b7cadf5c8a71054c35561df744c9d335579f4b6980d2722a316b9720420003efa684ababb9ee9c4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H4VCA4X1\default[6].htm

    Filesize

    315B

    MD5

    14b82aec966e8e370a28053db081f4e9

    SHA1

    a0f30ebbdb4c69947d3bd41fa63ec4929dddd649

    SHA256

    202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf

    SHA512

    ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H4VCA4X1\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W9QJOIKH\default[4].htm

    Filesize

    312B

    MD5

    c15952329e9cd008b41f979b6c76b9a2

    SHA1

    53c58cc742b5a0273df8d01ba2779a979c1ff967

    SHA256

    5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

    SHA512

    6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

  • C:\Users\Admin\AppData\Local\Temp\tmp72FC.tmp

    Filesize

    29KB

    MD5

    6a0ab9ad29dcce222c703b458f12155a

    SHA1

    c29c6fdb45913def7a2035f442b46ce0bdace2e9

    SHA256

    2b26032be8b10cc86de73e4c42cad86f4b27331e8c906004ba9d80a51ebed93a

    SHA512

    5a79472a9297fc02f448eedad9988ea814ab094edaaf1f336dc10370c5df47c8d0815fd1924b49a0841ca78f6af8e7fd5ad6efdd05797db48f4d7466aad1e5f4

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    d06cfa7dd479860b7ed4c21f49af510a

    SHA1

    cd07026f049d47bbe5b9b9a0faeaa8c81340f73c

    SHA256

    b2349368755db7b96ceb4b7d420fe1babe85d0c997ad2665a8012520ec21fbbf

    SHA512

    90eac17bd1bd340b943105f63863abe4a232bbbad3f9e6fdd3fb0fa72d0027bb9c19a88118a04f84cfcc818c3a446c1667c8103b981a9eec1a0f54802c0ec1f5

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    0a5899f20d4059246c1e78ceb42ff46e

    SHA1

    5b9c4fc1c60b1ad9f678c53ace53f8f7573bd51f

    SHA256

    6e77fca92842cbe9006fd4abe70c6d137a784b751a597d8ed3a3dd877f5031cf

    SHA512

    9080518a433c261e26ca0bfe485b0b2fb2b6aeee55a1755a4c004715361128f173a8bd26ed77332d6c87665c8acb830fd3157fcbac3452526287125791cdd3ae

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    413B

    MD5

    4372cc9a92cff33a34faa5126f3a2e11

    SHA1

    ccb48ddb7900e3b1dc930cf81d8df2a2fefbcd4b

    SHA256

    2fd9fefb445e2e757ba82ac9a153eed610f0338bd1167ef9092f2ce855ff7975

    SHA512

    54a226f7f7f89d4816fc3d5ffa96b75532e0c30ebb445202fcb485372146ed00ce2bd2a9419e1298a4e2faa98db5c6f3cd856b79017dc7a373401e37087405a8

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    d6018a679451f575238f075b3ecd3b6d

    SHA1

    6eeed7be1fe2091a01c6073fece528d9a65f763a

    SHA256

    d8ceadbcb8bfa040cc043677b65d168acdb3050edd97b6d6a11898d6abcdf503

    SHA512

    ad369198639c9f4a35aa15396df3a7fd99a5f75b5db2116d71c195c5c15e0cd4dda31c97ba17c703ffc5b06cc1ee8ce2e68a02fc6c3a1f6bf1f4e150a88c7282

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2
