Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-12-2024 22:33

General

  • Target

    dec558ed05a4e33c7f71769d3832f107_JaffaCakes118.exe

  • Size

    195KB

  • MD5

    dec558ed05a4e33c7f71769d3832f107

  • SHA1

    073eb35eba241a631f900a67d10d794b25eeb28c

  • SHA256

    0e49b327e35f3e2c1328649d0752fa3fbe79b0aee1a875fbf36306a9fb587bd9

  • SHA512

    f7107ae2e184117c66cd3c63096f49852b6e578e51565ac3fe2a25a56a45901ce48df292aa7414f76df4dccdfdfcb5f48f103b29458ae7a1bf6867ea87dce91d

  • SSDEEP

    6144:Y1c6jL5pvnBYCLbb8Q5AGKgICNILqDe6x:Y1c6jL5pKCfZuyIQeg

Malware Config

Signatures

  • Detects MyDoom family 1 IoCs
  • Modifies firewall policy service 3 TTPs 1 IoCs
  • MyDoom

    MyDoom is a worm written in C++.

  • Mydoom family
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dec558ed05a4e33c7f71769d3832f107_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dec558ed05a4e33c7f71769d3832f107_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\dec558ed05a4e33c7f71769d3832f107_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\dec558ed05a4e33c7f71769d3832f107_JaffaCakes118.exe
      2⤵
      • Modifies firewall policy service
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Windows\SysWOW64\retinascan.exe
        "C:\Windows\system32\retinascan.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 88
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2720
      • C:\Windows\SysWOW64\notepad.exe
        notepad C:\Users\Admin\AppData\Local\Temp\Message
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2540
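The process tree above shows four behaviours worth turning into rules: the sample re-launching its own image while using SetThreadContext and WriteProcessMemory (the hollowing pattern), an unknown executable running from a system directory under a chain that began in the user's Temp folder, WerFault attributing a crash to that dropped executable via its -p argument, and notepad being opened on a decoy file in Temp. The following Python is an added example, not part of the sandbox report or the sandbox's own detection code: it encodes those four checks and runs them over process events constructed from this report's tree (PIDs, image paths and command lines as listed above). The signature tags attached to each event, the allowlist of known system binaries and the list of user-writable directories are assumptions for the example.

```python
"""Triage rules for the process-tree behaviours seen in this sandbox run.

Added example; the events below are constructed from the report's process
tree, and the tag strings, allowlist and path lists are assumptions.
"""
from dataclasses import dataclass
import ntpath
import re


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str       # image path as the sandbox resolved it on disk
    cmdline: str     # command line as the process saw it
    tags: tuple = () # sandbox signature labels attached to this process (assumed)


SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "dec558ed05a4e33c7f71769d3832f107_JaffaCakes118.exe")

# Constructed from the report's process tree. Note that retinascan.exe is
# launched as C:\Windows\system32\retinascan.exe but lives in SysWOW64: the
# sample is 32-bit, so WOW64 file-system redirection maps system32 to SysWOW64.
EVENTS = [
    Proc(2220, 0,    SAMPLE, f'"{SAMPLE}"', ("SetThreadContext", "WriteProcessMemory")),
    Proc(1868, 2220, SAMPLE, SAMPLE, ("WriteProcessMemory", "Loads dropped DLL")),
    Proc(2724, 1868, "C:\\Windows\\SysWOW64\\retinascan.exe",
         '"C:\\Windows\\system32\\retinascan.exe"', ("Executes dropped EXE",)),
    Proc(2720, 2724, "C:\\Windows\\SysWOW64\\WerFault.exe",
         "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 2724 -s 88", ("Program crash",)),
    Proc(2540, 1868, "C:\\Windows\\SysWOW64\\notepad.exe",
         "notepad C:\\Users\\Admin\\AppData\\Local\\Temp\\Message", ()),
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed allowlist of Microsoft binaries legitimately present in those directories.
KNOWN_SYSTEM_BINARIES = {"werfault.exe", "notepad.exe", "cmd.exe", "rundll32.exe"}
# Assumed set of user-writable locations a dropper typically starts from.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\")


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def from_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def ancestors(procs, pid):
    """Yield the parent chain of `pid`, stopping at an unknown or repeated PID."""
    by_pid = {p.pid: p for p in procs}
    seen, cur = set(), by_pid.get(pid)
    while cur is not None and cur.ppid in by_pid and cur.ppid not in seen:
        seen.add(cur.ppid)
        cur = by_pid[cur.ppid]
        yield cur


def analyse(procs):
    """Return (pid, finding) pairs for the four behaviours in the report."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        # Rule 1: same image re-launched by a parent that rewrites a thread
        # context and writes into the child: the process-hollowing pattern.
        if (parent and basename(parent.image) == basename(p.image)
                and {"SetThreadContext", "WriteProcessMemory"} <= set(parent.tags)):
            findings.append((p.pid, "self-relaunch with thread-context rewrite (hollowing)"))
        # Rule 2: a non-allowlisted binary in System32/SysWOW64 whose ancestry
        # leads back to a user-writable directory (a dropped executable).
        if (in_system_dir(p.image) and basename(p.image) not in KNOWN_SYSTEM_BINARIES
                and any(from_user_writable(a.image) for a in ancestors(procs, p.pid))):
            findings.append((p.pid, "unknown binary in system directory with Temp-origin ancestor"))
        # Rule 3: WerFault's -p argument names the crashed process; trust it
        # rather than the tree position when attributing the crash.
        if basename(p.image) == "werfault.exe":
            m = re.search(r"-p\s+(\d+)", p.cmdline)
            if m and int(m.group(1)) in by_pid:
                findings.append((int(m.group(1)), f"crashed (WerFault pid {p.pid})"))
        # Rule 4: a viewer launched on a Temp file by a parent that itself runs
        # from a user-writable location: the decoy-document pattern.
        if (basename(p.image) == "notepad.exe" and parent
                and from_user_writable(parent.image)
                and "\\appdata\\local\\temp\\" in p.cmdline.lower()):
            findings.append((p.pid, "decoy document opened from Temp"))
    return findings


if __name__ == "__main__":
    for pid, finding in analyse(EVENTS):
        print(f"PID {pid}: {finding}")
```

Rule 3 is the one that matters when the tree is incomplete: on a live host WerFault is often re-parented to svchost or the WER service, so the `-p` argument is the reliable link between the crash and the dropped binary, whereas here the sandbox happens to show it directly under PID 2724.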

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\Message

    Filesize

    4KB

    MD5

    f87af49e8598bf7e127f21c9d04402a5

    SHA1

    1457d2ea368565224faa346aad1e37bce68a51de

    SHA256

    0ac03de88d8d313353ca2c9d9d1516e3742315017f55dd7168c4d4b3516d8f64

    SHA512

    3843f243d7e997ecbf09a5abdd387c12fcefde8bb548a1213235b133eec8d0e5c159e323b999749c7c563315ed1237284f4eadb0ad6e6b7daa406d1e488bf05f

  • \Windows\SysWOW64\retinascan.exe

    Filesize

    53KB

    MD5

    8dff6ed5e52b67460e5ce81e9be4121d

    SHA1

    958a03f9ecc0ccc3695257b388838ac75d631f9d

    SHA256

    202cbe47018c1ef372496552697e650126411943061ccd1008b6faa28a02c3bb

    SHA512

    a65eba95bfa01bd974ed05048936622bfa72e566e4befabf4a6a754d33c54f2cc035d311ef985bda5d4c613e24e6fbe616d18bdc20d52bccc86e5552d1716446

  • memory/1868-10-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-4-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-12-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-7-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-8-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-2-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-13-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-25-0x0000000000330000-0x0000000000342000-memory.dmp

    Filesize

    72KB

  • memory/1868-30-0x0000000000330000-0x0000000000342000-memory.dmp

    Filesize

    72KB

  • memory/1868-57-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-38-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-41-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-46-0x0000000000330000-0x0000000000342000-memory.dmp

    Filesize

    72KB

  • memory/1868-47-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1868-52-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2724-32-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB