Analysis
-
max time kernel
120s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
06-12-2024 13:30
General
-
Target
f4944126a2092e26c0493c5006505d68d635f42f1104bd44551b09de4a6b340c.exe
-
Size
29KB
-
MD5
e4035da1f21dacb3b8e2467809d3b3e3
-
SHA1
c73ffe42b84b9a8613694a2c4af70952b0dd02bd
-
SHA256
f4944126a2092e26c0493c5006505d68d635f42f1104bd44551b09de4a6b340c
-
SHA512
6477203fb06430505fca61937907d66028fecf51684c6ea287f591096725491dfd76e89b8a4ad7363f4eec72a50bd86bbed19c3c0c30ee07794d4aabc2def971
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/c:AEwVs+0jNDY1qi/qE
Malware Config
Signatures
-
Detects MyDoom family 8 IoCs
-
MyDoom
MyDoom is a Worm that is written in C++.
-
Mydoom family
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f4944126a2092e26c0493c5006505d68d635f42f1104bd44551b09de4a6b340c.exe"C:\Users\Admin\AppData\Local\Temp\f4944126a2092e26c0493c5006505d68d635f42f1104bd44551b09de4a6b340c.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\services.exe"C:\Windows\services.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
29KB
MD5100830ce6b450e236c596ca486ac2578
SHA117c6abb0875b760120339f3a2b52b32c5de0123a
SHA2564d36f33ed74af090cd7df5ace54e4299cb2a16d7ae057720d43878720210c2f0
SHA51236535392817cb898ed0a25e9151d08bd92e22d8d49611ecc97a1c2ec811005f8fc7b3cc99cd58b0a918c27848945c430c51561fe77629623cffa1560c95d7960
-
Filesize
352B
MD557f6c7bafb6218c4bd46906e550dcb6f
SHA18a024902710f27605e1a1fb0a76c825883ed977b
SHA2569719f62e19277841ca32740fd8f0ad98f8acc0d4ab1e808c4a21816771808a04
SHA51283dc725aee78f1712fd70d871dcb5ece8027dd365b6df3ce2a8d7e9b34b08f1f832a82224300046d81f11034442b908cf7d5c4222d6ea3289db76c5d6884f9d6
-
Filesize
8KB
MD5b0fe74719b1b647e2056641931907f4a
SHA1e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA5129c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB