Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    11-12-2024 08:09

General

  • Target

    2cf8c7f3b82ddc4e81891a49b6b7c1b12f28602c1e0d83af66de76755081646c.exe

  • Size

    29KB

  • MD5

    2ec90742ca53582c17706a84c16a0af5

  • SHA1

    5d4c98c8fb675c2c062f5f521db615c2b169b7be

  • SHA256

    2cf8c7f3b82ddc4e81891a49b6b7c1b12f28602c1e0d83af66de76755081646c

  • SHA512

    70e5a6e0c6bfb4e1355c7c1a3a5b0df6ea7203be56bc7023976236b9adc50f4c52bd68646e8377b1108d5d52b7e513c38fda08de5637ab99a54c22b9ccb95a7e

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/tG:AEwVs+0jNDY1qi/qc

Malware Config

Signatures

  • Detects MyDoom family 7 IoCs
  • MyDoom

    MyDoom is a worm written in C++.

  • Mydoom family
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 23 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs
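
The "UPX packed file" signature above fires on the packer's fingerprints in the PE headers. The following Python is an added example, not the sandbox's own rule: it walks the DOS header, COFF file header and section table by hand and reports two independent hints, the UPX0/UPX1 section names and the "UPX!" marker UPX writes after the section table. The build_pe helper constructs a headers-only stand-in image so the check can be exercised offline; it is not derived from this sample.

```python
"""Heuristic UPX check over a PE image. Added example; the sandbox's own
"UPX packed file" rule is not reproduced here. build_pe() fabricates a
headers-only stand-in so the check can be exercised without a sample."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
COFF_HEADER_SIZE = 24       # "PE\0\0" signature + 20-byte COFF file header
SECTION_HEADER_SIZE = 40


def pe_section_names(data: bytes):
    """Section names of a PE image, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + COFF_HEADER_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)   # NumberOfSections
    (size_opt,) = struct.unpack_from("<H", data, e_lfanew + 20)      # SizeOfOptionalHeader
    table = e_lfanew + COFF_HEADER_SIZE + size_opt
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            break  # truncated section table: do not read past the buffer
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def detect_upx(data: bytes) -> dict:
    """Two independent hints. Section names are trivially renamed by a
    "modified UPX", so the 'UPX!' marker is checked separately; both can be
    scrubbed, so treat a hit as a hint rather than proof."""
    names = pe_section_names(data)
    if names is None:
        return {"is_pe": False, "upx_sections": [], "upx_marker": False, "packed": False}
    upx_sections = [n.decode("ascii", "replace") for n in names if n in UPX_SECTION_NAMES]
    marker = b"UPX!" in data
    return {"is_pe": True, "upx_sections": upx_sections,
            "upx_marker": marker, "packed": bool(upx_sections) or marker}


def build_pe(section_names, marker: bool = False) -> bytes:
    """Constructed headers-only PE32 image for testing; not a real binary."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> 0x40
    size_opt = 0xE0                                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    tail = b"UPX!" + b"\0" * 28 if marker else b"\0" * 32   # UPX writes its marker after the table
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * size_opt + sections + tail


if __name__ == "__main__":
    print(detect_upx(build_pe([b"UPX0", b"UPX1", b".rsrc"], marker=True)))
    print(detect_upx(build_pe([b".text", b".data", b".rsrc"])))
```

Against a real file, read it in binary and pass the bytes to detect_upx. A packed image that has been renamed to hide the section names still trips the marker check, and a sample that scrubs both is why the 0x400000 memory dumps listed under Downloads, rather than the file on disk, are where the unpacked code is inspected.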

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cf8c7f3b82ddc4e81891a49b6b7c1b12f28602c1e0d83af66de76755081646c.exe
    "C:\Users\Admin\AppData\Local\Temp\2cf8c7f3b82ddc4e81891a49b6b7c1b12f28602c1e0d83af66de76755081646c.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2356
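
The process tree shows the behaviour a detection engineer cares about: a binary running from the user's Temp directory writes C:\Windows\services.exe, registers it under a Run key, and launches it. The legitimate Service Control Manager lives in C:\Windows\System32 and is started by wininit.exe, so services.exe anywhere else is masquerading (ATT&CK T1036.005); the Run key is T1547.001. The Python below is an added example, not the sandbox's rules, run over constructed Sysmon-style events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet). The event contents are built from the report's process tree; the parent of PID 2352 and the Run value name "Services" are assumptions, since the report does not give them.

```python
"""Detection logic for the dropper/services.exe behaviour, run over
constructed Sysmon-style events. Added example; not the sandbox's rules.
Field names follow Sysmon; the parent of PID 2352 and the Run value name
are assumptions not present in the report."""
import ntpath

# Binaries that legitimately live only under System32/SysWOW64.
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
                   "csrss.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\programdata\\")
RUN_KEY_MARKER = r"\currentversion\run"

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\2cf8c7f3b82ddc4e81891a49b6b7c1b12f28602c1e0d83af66de76755081646c.exe"

SAMPLE_EVENTS = [  # constructed from the report's process tree
    {"EventID": 1, "ProcessId": 2352, "Image": DROPPER,
     "ParentImage": r"C:\Windows\explorer.exe"},                        # parent assumed
    {"EventID": 11, "ProcessId": 2352, "Image": DROPPER,
     "TargetFilename": r"C:\Windows\services.exe"},
    {"EventID": 13, "ProcessId": 2352, "Image": DROPPER,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services",  # value name assumed
     "Details": r"C:\Windows\services.exe"},
    {"EventID": 1, "ProcessId": 2356, "Image": r"C:\Windows\services.exe",
     "ParentImage": DROPPER},
    {"EventID": 1, "ProcessId": 480,  # the real Service Control Manager: must not alert
     "Image": r"C:\Windows\System32\services.exe",
     "ParentImage": r"C:\Windows\System32\wininit.exe"},
]


def is_masquerade(path: str) -> bool:
    """A system-binary name outside System32/SysWOW64 (T1036.005)."""
    return (ntpath.basename(path).lower() in SYSTEM_BINARIES
            and ntpath.dirname(path).lower() not in SYSTEM_DIRS)


def is_user_writable(path: str) -> bool:
    return any(h in path.lower() for h in USER_WRITABLE_HINTS)


def evaluate(events: list) -> list:
    """Return (rule, detail) pairs. FileCreate events are remembered so a
    later ProcessCreate of the same path is flagged as a dropped EXE executing."""
    alerts = []
    dropped = {}  # lowercase path -> image that wrote it
    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "")
        if eid == 11:
            target = ev["TargetFilename"]
            dropped[target.lower()] = image
            if is_masquerade(target):
                alerts.append(("Masquerading (T1036.005)", f"{image} wrote {target}"))
        elif eid == 1:
            if is_masquerade(image):
                alerts.append(("Masquerading (T1036.005)",
                               f"{image} started by {ev.get('ParentImage')}"))
            if image.lower() in dropped:
                alerts.append(("Executes dropped EXE",
                               f"{image} was written earlier by {dropped[image.lower()]}"))
        elif eid == 13 and RUN_KEY_MARKER in ev.get("TargetObject", "").lower():
            target = ev.get("Details", "")
            if is_masquerade(target) or is_user_writable(target):
                alerts.append(("Adds Run key to start application (T1547.001)",
                               f"{ev['TargetObject']} -> {target}"))
    return alerts


if __name__ == "__main__":
    for rule, detail in evaluate(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

The correlation in evaluate is what turns three unremarkable events into the "Executes dropped EXE" verdict: the FileCreate alone is noisy, but a ProcessCreate whose image was written moments earlier by a Temp-resident process is not. On real telemetry, strip surrounding quotes and command-line arguments from the Run value data before passing it to is_masquerade, and extend SYSTEM_DIRS if the host uses a non-default system drive.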

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp89FA.tmp

    Filesize

    29KB

    MD5

    236b183361889c38846fdeb012a28358

    SHA1

    52b7ae3889581760074ba7d35d4524a06c969274

    SHA256

    054d4033974d36ba76883e297609065d5d874974db739f53606cf3901634431f

    SHA512

    b8c70484668abf339482d5a232f092b770a55f008c47bcf47e46c3706c6e3dc934bada595362fdbbdd9c599948d0a53b579af6d86f0d377ab97ae889ca9fb30b

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    dffeea1ecff4a0f78cf32768d7806b07

    SHA1

    755607f5587b5f63a647302406d37f7c27b03d03

    SHA256

    5a4ac85ad3670945fd36b57726fb628d0e946884ce2e4c86d239a9803eb483af

    SHA512

    3ce262b5b128d8961896c352316ddb8e5e6c13e47823154ec53919f063078a3f75bfafa6b1f4da019dbe705beb2aa1e79408023049fd37f5d90473564925c299

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2352-62-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2352-74-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-67-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-58-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-34-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-15-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2352-39-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2356-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-35-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-59-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-63-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-23-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-68-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2356-75-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB