Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-12-2024 07:56

General

  • Target

    c6f81d9e11a4646b9307abfdf48e3e71a7b9c3acd9a9fdd535166aa02bb2907cN.exe

  • Size

    29KB

  • MD5

    8a5e80827a6672b4cc9154e0f1f6b3a0

  • SHA1

    87ac9d1c691e6865d391b1fc1f470f721aebaad7

  • SHA256

    c6f81d9e11a4646b9307abfdf48e3e71a7b9c3acd9a9fdd535166aa02bb2907c

  • SHA512

    de386c8b7e027d7df735457fd7280044bf7eb35212d855c2ccab7bcc4c79f94472fa939f66a4e6c3cc0ba1b872e2d16a927db6913364bee4e3ebcf3ae88dde85

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Hd:AEwVs+0jNDY1qi/qPd

Malware Config

Signatures

  • Detects MyDoom family (5 IoCs)
  • MyDoom

    MyDoom is a worm that is written in C++.

  • Mydoom family
  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • UPX packed file (22 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6f81d9e11a4646b9307abfdf48e3e71a7b9c3acd9a9fdd535166aa02bb2907cN.exe
    "C:\Users\Admin\AppData\Local\Temp\c6f81d9e11a4646b9307abfdf48e3e71a7b9c3acd9a9fdd535166aa02bb2907cN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp819E.tmp

    Filesize

    29KB

    MD5

    0b532b7bf728e47d3f657f8bbd3fab8d

    SHA1

    e4e4d75812dc8392517290b31cc3e50d557acdad

    SHA256

    3a77c206f7f901db9366b1321423db71a2f498ae2751e2d54bbc10b910b50dfd

    SHA512

    9621f45963e2740ec6f31155db7e58b0a4e0e67aedcc76fcf56dda4698abb44eab3f1cd9cabd2a5bc8982dcd280830c177bd3f41098c7ac73863f094da32e5a1

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    0062970dd882c0185685f51baef96fa0

    SHA1

    d7b36976c0c3a82206e9dc766098ea36b9d22ed3

    SHA256

    e4fa1f74e4ee1dffee8254a21c12cde1f08f734db63ab3c6d1946b25a897d507

    SHA512

    a9afa29988f9b0ece66b8a75a658fb52da826da83c51b65734987fa8605820741ebf1a37f0868425fe6da57038f74daac7f4b4514aa72d770f357887d74e9a63

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2676-42-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2676-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2676-69-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2676-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2676-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2676-64-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2676-62-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2792-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-41-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-43-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-48-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-63-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-65-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2792-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB