mydoom | 9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d

Resubmissions

09-12-2024 01:59

241209-cee3faxpaw 10

09-12-2024 01:32

241209-byfmmssldk 10

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
Size

29KB
MD5

8f64565d433db7a1d282957a9370790c
SHA1

065f47a7d678b285809cb7c54e1e6497e85bd353
SHA256

9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d
SHA512

125f75683c9c51ec1388737032fb5ced200b9559198830c46de9e16d24c821f42f5e83fe3d4d4705eaad20920ef2a1d176752d5c6cb5e6718010e82cd90cfee8
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/pO:AEwVs+0jNDY1qi/qc

Score

10^/10

mydoom discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 9 IoCs

resource	yara_rule
behavioral1/memory/2492-16-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-41-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-43-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-70-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-75-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-77-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-82-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-87-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/2492-306-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Executes dropped EXE 1 IoCs

pid	Process
2352	services.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2492-4-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0008000000015d81-7.dat	upx
behavioral1/memory/2492-16-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2352-20-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2352-25-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2352-30-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2352-32-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2352-37-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-41-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-42-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-43-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-44-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-57.dat	upx
behavioral1/memory/2492-70-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-71-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-75-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-76-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-77-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-78-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-82-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-83-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-87-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-88-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2352-90-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2492-306-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/2352-307-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
File opened for modification	C:\Windows\java.exe	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
File created	C:\Windows\java.exe	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2352	2492	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe	30
PID 2492 wrote to memory of 2352	2492	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe	30
PID 2492 wrote to memory of 2352	2492	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe	30
PID 2492 wrote to memory of 2352	2492	9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe	30

C:\Users\Admin\AppData\Local\Temp\9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe
"C:\Users\Admin\AppData\Local\Temp\9e18cd3cd094fc7ec5dc092f65f636bcf62696e5ce66446ff22ca4e5ff1bba7d.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6becc438c4b96df5478200441f0f5c35

SHA1
91ec5b2e479d2eda3f7328fc24f3054293ef623b

SHA256
a2470020b8947561b4443f615768646543a86726df0f7da07782804252788357

SHA512
c1173e1475f79b68ddcd3be7ecc1966a12fce34aa3645e3037ad7e9d8dea9dbb36c6b1382612ceb297e40e52dda5f5399bfacbc286a716ac7f6b3ebb857fb7fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10a5eda4ff2f67bc6830b3598d6c24dd

SHA1
1bc2048960cd86612f120f24186333c5b737c4d4

SHA256
ad0a0720cbf2c7e356e66c34ef473b51e887f7a3221ee27797f40c673474aafb

SHA512
05a543c04c71b136d05f0d98949b3e785a36e55d69743cd004eb8ef80a7b5bd7347ec900d105138c42a62b167b53e49f9bac873d55bc88e542ab03db550b8364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f5250b73a91842d838721d2de24ae69

SHA1
5e20191702caf969ab956e3e1f8b834b8a19b58a

SHA256
170af44ef06f7e7225195618dbe78b41039dbc09fd15253ebbaa374f10d7d629

SHA512
5a80085b0e3f3488beda167a5ba885c62a66cf1f16a57118cb0ceaa594f0eb51a6fafaed77d9c4b8b9a1b633bf11f1b23892b5e3950bf31daa8e2c18ad6d5819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2748b89f8167c78a2e5c9ce783e088f2

SHA1
86d603f80b145d66e1af8750e0c85659b95653f5

SHA256
19dd8dc8eeb8bea0df37ef5f5a817d05f77b1c1c4eb8753f1a72f838b24e51b8

SHA512
cebf8de722121e420b1809e12c2e96f34652a36bd445eab67500a5a4ca579bb07d24ff8ebe873009e9e3ffebb05ea4adf47c8d68f09bb56a4cc355190f3f9f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GP4P3HF\search[2].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC9FF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCABE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mnpNka.log

Filesize
320B

MD5
a7e558cee1817ef961722f53f36b025e

SHA1
7d92a5f3b244ce6b5dc26acbd857ff3398e9f608

SHA256
50018ff7f4523f6c36f291d8a05b9d8b966d6abecdb88a6d52c7acb7bfa8f24e

SHA512
6079669f5b9e9c9a2443ced19048b01d45a85b3e7fcdfae1f0c7fc653a5d2d0291b458fc2997d259aa168307d28430e0738aea1c51cb92f5f503e15c544f8008

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC1EB.tmp

Filesize
29KB

MD5
33486ae8f2e0b73bef6b4e31fb25b547

SHA1
eaaa906563dfdab840814cff8fbaac99988e3b46

SHA256
09853950c8ef3b333dc97c0480e2ce46b7b848b93dfa1b336a49590cf671c240

SHA512
a1b41f70950663b393b01c474e81d8cf81c12f80ea45f836dc89f37064e2502fb78f5265d6a6fbdbfe334d9819e0b358b0bea619dd42216c9c0acad7a22cf3bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
2bcc77cdc6f2d838bcb4395a6a69b9d6

SHA1
67b17cad2bd00e080e08d265f18d06e9c333604e

SHA256
3723b9900818562ce3dd391d2746df9fd495f37f69bba3070f60e33d5cb68014

SHA512
1360cb2a9c58217d94a1e954a705d64646874f4eefcd631ce9f42a591fa8a80bcc42916ccc967d563c4473611f3737df5470a917c5b3a5cdb11a7fdd176bf8b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
614f63765805738ea5f7eaab54b07b3e

SHA1
ccfb30d70ddb13eaca6a9fed33aec17c98fedc8d

SHA256
d9bdbfd1c81372767ae3462fdc017a3ec0f7fd6e907e9fd1ac698c1cf14a3fa3

SHA512
4e628a82a35555f4ae1a8f288c5ec2c3228fa7a8460e1e2b1ce70e5080941a6ea2aeecdc52934725ebc3ddb473f64a258bfef95aa31f70e875f1e2cf56d762fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
352B

MD5
cf78a0eac76b723c4ead5e9cb1a1e4aa

SHA1
9fe74c0aca355937f96844f44fabcbf7fa4ca8e9

SHA256
3d5c05dcc58ca18a960df4fb40ac8b47d885ae24c56e29357736e34129b3428f

SHA512
7480023cf48da8aecabc0aaf869b4e6c32f906f5d86f050f71ec18f1167e80668a66de40c019eb3da2e8cc043d31f34c3515949f74c53b7054bc45ea613ab61c

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/2352-90-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-83-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-44-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-42-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-307-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-37-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-71-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-20-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-76-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-25-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-78-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-30-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-32-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2352-88-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2492-70-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-43-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-82-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-77-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-75-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-87-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-17-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2492-16-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2492-4-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2492-306-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/2492-41-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads