Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-12-2024 06:20

General

  • Target

    d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1.exe

  • Size

    29KB

  • MD5

    b3ecb4143e1a1429c2c9593d36dd82db

  • SHA1

    dea1df7fa990490667251e174de8d3d1730d8bc9

  • SHA256

    d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1

  • SHA512

    4baacb16d18db676e2787455dbc79208b77cc0559c3325c6abcd6d7904ed6cfd115fa22478ac8f95fa1d64f5f4b24efd5b32146d4fd00fec37541772ed36a210

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Z:AEwVs+0jNDY1qi/qx

Malware Config

Signatures

  • Detects MyDoom family 7 IoCs
  • MyDoom

    MyDoom is a mass-mailing worm written in C++.

  • Mydoom family
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 26 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs
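
Two of the signatures above are cheap to reproduce outside the sandbox: "UPX packed file" is usually triggered by the UPX0/UPX1 section names in the PE section table, and the dropped-file list further down gives exact SHA-256 values to match against. The script below is an added triage example, not part of this report or of the sandbox's own signature engine. It parses the PE section table by hand (no third-party PE library), hashes a file in the same MD5/SHA-1/SHA-256/SHA-512 set the report prints, and looks the SHA-256 up in a dictionary copied from this page. The `build_constructed_pe` helper produces a constructed, non-executable PE skeleton purely as offline test input; it is not any of the files listed in the report.

```python
import hashlib
import struct

# SHA-256 file IoCs copied from this report's General and Downloads sections.
REPORT_SHA256 = {
    "d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1": "submitted sample (.exe, 29KB)",
    "bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c": r"C:\Windows\services.exe (dropped, 8KB)",
    "208989a9280909e4596313ea11eaceca7c6cdfa878badac6015e319d78e6c193": r"C:\Users\Admin\AppData\Local\Temp\tmp2551.tmp (29KB)",
    "23f2cf6e604f61e2ec2acca47b498562d736554c2093eccd567ca8ebefbf1138": r"C:\Users\Admin\AppData\Local\Temp\zincite.log (352B)",
    "4f36c8ad79130f4c1f4cbfa621b3495738068d3f311182c678d1996ce918f363": r"C:\Users\Admin\AppData\Local\Temp\zincite.log (352B)",
    "d4a205bc88d0050e246f36387fa5f191ae36138523a722c64cb1a8d2db149081": r"C:\Users\Admin\AppData\Local\Temp\plqrk.log (320B)",
}

UPX_SECTION_PREFIX = "UPX"  # default UPX section names are UPX0, UPX1 (and UPX2 when resources are kept)


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, the same set the report lists per file."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def match_report_ioc(data: bytes):
    """Return the report label for a file whose SHA-256 is in REPORT_SHA256, else None."""
    return REPORT_SHA256.get(digests(data)["sha256"])


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                      # 20-byte COFF file header follows the signature
    if len(data) < coff + 20:
        raise ValueError("COFF header truncated")
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)    # SizeOfOptionalHeader
    table = coff + 20 + opt_size             # section table starts right after the optional header
    names = []
    for i in range(n_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # each IMAGE_SECTION_HEADER is 40 bytes, name first
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Section-name proxy for the 'UPX packed file' signature (see caveat in the text)."""
    return any(name.upper().startswith(UPX_SECTION_PREFIX) for name in pe_section_names(data))


def build_constructed_pe(section_names, optional_header_size=224) -> bytes:
    """Constructed PE skeleton for offline testing only: valid headers, empty sections, no code."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, optional_header_size, 0x0102)
    optional = bytes(optional_header_size)
    table = b"".join(n.encode("ascii").ljust(8, b"\x00") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\x00\x00" + coff + optional + table


def triage(data: bytes) -> dict:
    """Everything a first-pass analyst wants from an on-disk file: hashes, IoC hit, packer hint."""
    h = digests(data)
    return {"sha256": h["sha256"], "known_ioc": match_report_ioc(data), "upx_packed": looks_upx_packed(data)}


if __name__ == "__main__":
    for label, names in (("upx-like", ["UPX0", "UPX1", ".rsrc"]), ("plain", [".text", ".data", ".rsrc"])):
        print(label, triage(build_constructed_pe(names)))
```

Two caveats worth keeping in mind. Section names are a heuristic, not proof: UPX lets the packer rename its sections, and the full sandbox signature matches more than names, so a miss here does not clear a file. Hash matching only catches byte-identical copies; the memory dumps listed at the end of the report (PID 3976 at 0x400000-0x408000) are the unpacked image, which will never hash to the on-disk value of the packed dropper.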

Processes

  • C:\Users\Admin\AppData\Local\Temp\d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1.exe
    "C:\Users\Admin\AppData\Local\Temp\d96c686e761d6b017852f7ea2ead7652e4f4322a8bb64d4fc454b46a73a698c1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:3976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKYZDMA5\default[3].htm

    Filesize

    312B

    MD5

    5431b34b55fc2e8dfe8e2e977e26e6b5

    SHA1

    87cf8feeb854e523871271b6f5634576de3e7c40

    SHA256

    3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432

    SHA512

    6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c

  • C:\Users\Admin\AppData\Local\Temp\plqrk.log

    Filesize

    320B

    MD5

    573ee7a51b4d1b0b7fd881703b0dbedf

    SHA1

    aaeee0f4b0064863df8db7a9b93925d3bfd8fe1c

    SHA256

    d4a205bc88d0050e246f36387fa5f191ae36138523a722c64cb1a8d2db149081

    SHA512

    10f44033be67d4a63beda88d92ec0d2b3153506550438f118e9ff94fe883d41883562e9c86775bd7ed23c79cffc71382ba9651d8967637c4046b669c3b6c6c6a

  • C:\Users\Admin\AppData\Local\Temp\tmp2551.tmp

    Filesize

    29KB

    MD5

    a7e1cfa9a259f3490f3eb4aa54215271

    SHA1

    401a805c313e565c5bb5f1aa69fedff3488c0fa3

    SHA256

    208989a9280909e4596313ea11eaceca7c6cdfa878badac6015e319d78e6c193

    SHA512

    7f943f827b0f7d0cd4abc808212d099420807c3af2399bbac268db0040debd57e889570dc2964586aecb01b681939111682b90bef47c3f499fa7d016ace6c176

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    340fde63b9c5ec44e263a01fe4536f89

    SHA1

    b600c98f19178b0eca72b14ea36f577f6c911936

    SHA256

    23f2cf6e604f61e2ec2acca47b498562d736554c2093eccd567ca8ebefbf1138

    SHA512

    2e0d51033743f820786bb13425669a4f15caee0baaddc812deade6429bb6b6c52d9216dce3216ef7f261158890f8d1f8e0d46b67a3ef3c7e7455fa9ea3a9ab42

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    b9ac29cd3f749c15994ca4b87607536a

    SHA1

    3c6901608612e0fc01e3b6c2a6316cd9c0ebc7d1

    SHA256

    4f36c8ad79130f4c1f4cbfa621b3495738068d3f311182c678d1996ce918f363

    SHA512

    541ecab86267f925465c35af7ff5b9a366a16bb86b392d5e9f2f6ba159d45f34fb66a29d9fe47362b1d55ba4d84ee23aaf5bc4bc8c7680669aa4440d3225817e

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2000-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-164-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-132-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-171-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-201-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-44-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2000-49-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/3976-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-50-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-45-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-137-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-165-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-170-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-172-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-202-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3976-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB