Analysis

  • max time kernel: 120s
  • max time network: 120s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11-12-2024 06:15

General

  • Target: d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1.exe
  • Size: 29KB
  • MD5: b3ecb4143e1a1429c2c9593d36dd82db
  • SHA1: dea1df7fa990490667251e174de8d3d1730d8bc9
  • SHA256: d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1
  • SHA512: 4baacb16d18db676e2787455dbc79208b77cc0559c3325c6abcd6d7904ed6cfd115fa22478ac8f95fa1d64f5f4b24efd5b32146d4fd00fec37541772ed36a210
  • SSDEEP: 768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Z:AEwVs+0jNDY1qi/qx

Malware Config

Signatures

  • Detects MyDoom family (7 IoCs)
  • MyDoom

    MyDoom is a worm that is written in C++.

  • Mydoom family
  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • UPX packed file (23 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Windows directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1.exe"
    PID: 1596
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • C:\Windows\services.exe (child of PID 1596)
      Command line: "C:\Windows\services.exe"
      PID: 4404
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FQRZN8O7\default[1].htm
    Filesize: 313B
    MD5: ffb72ab4faba49ad441ce07db37dd8b6
    SHA1: 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e
    SHA256: 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660
    SHA512: 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FQRZN8O7\search[2].htm
    Filesize: 25B
    MD5: 8ba61a16b71609a08bfa35bc213fce49
    SHA1: 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
    SHA256: 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
    SHA512: 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTJXD3SW\default[1].htm
    Filesize: 315B
    MD5: 14b82aec966e8e370a28053db081f4e9
    SHA1: a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
    SHA256: 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
    SHA512: ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

  • C:\Users\Admin\AppData\Local\Temp\Crxeuokzi.log
    Filesize: 320B
    MD5: 69f60f3f5f969571f353557dbf413cf7
    SHA1: a01f98d64efcb28c11d3927ac55b670372d2aa96
    SHA256: 70ad7ddce59dea9bd46e4416e6b849040f3bc6f9f146a4d3c3ca4621383b890f
    SHA512: 02163eaf656a7669001e526560d09278d40f686e6d26970bcabd7c6b19a097e0350c3457f11940beed899acb6109987185ac101d0c1fe68cb506517e7e939a53

  • C:\Users\Admin\AppData\Local\Temp\tmp65AC.tmp
    Filesize: 29KB
    MD5: d3e96017e7ff6afb59dee96b7bbfc15e
    SHA1: 1a2c72fc82174d8796b9431019149e0215246d48
    SHA256: f8bb4cfb6fa9ee4ea336a4cbf2d65df4f2eefaae856c3060f56cbb18cf01711d
    SHA512: 46e4c3fa624bedb6a8200943dbf988d106d1db86b459e572b282486c25f61de6e444a7739b2e6656a7e5cb1d594dd3332220cae3a8047bfd5dc006c0b2b70c78

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 352B
    MD5: 8b4dd1d3b642de8f465902018628302f
    SHA1: 36f6702b99a37f179707eb79d05b6621f1433a71
    SHA256: 469dd0393726a522a94f40a86d6a82f7d170ce1c8cda78beedd57897bff3586d
    SHA512: 417e36e606a8634649f6e971e59e32813c59ffc4c8645f8ae961b81d39463c6afa49898b33f3310a0deccadbbe6e05f2b20c883bc5ecdb719b630df20db430b3

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 352B
    MD5: 84b0ce80d972a62e76050c709aeb5775
    SHA1: c04fe47280c3abc032a63f91177fc26c63c85f82
    SHA256: e523d9f50d030cbf836bc319f4446ac1379233e87496dea7db8adf641b313bc3
    SHA512: ce54afc031ec2e737a9ce748b5d58f25c062baf4a652846be97db32d3701d11a18d275f1169d5bd533fa75d14db9cd603913c52ae36c45522dc1de85175d1ee6

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 352B
    MD5: 9fdb6f6a97d5a9ae78df3eb748121d80
    SHA1: 388cf13a1c8398405636a446d6fcbce50b81a8b1
    SHA256: da7820210828ba5b91498b1ab6fcd4c0b1254c2a2bb47f563f2841c6b59a7b93
    SHA512: a72eb3620897a41308b4de5a0cbdfa7ad8cbc6e35644f18f7b7d2d2e96bdf3343dfa13e2d1a44f781f7dd159fbc3720eac9468f58862988375695f02778209c0

  • C:\Windows\services.exe
    Filesize: 8KB
    MD5: b0fe74719b1b647e2056641931907f4a
    SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
    SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
    SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/1596-13-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-150-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-32-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-172-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-0-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-108-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-214-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1596-141-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/4404-21-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-142-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-109-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-146-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-33-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-151-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-28-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-26-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-173-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-16-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-15-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-215-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/4404-6-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)