Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-12-2024 14:35

General

  • Target

    95f95981296cfb24133b2c9b4e089630409df80a4c5e0bdcedaa4db91fca0f4dN.exe

  • Size

    29KB

  • MD5

    f61dbaa03cc6a9b0a51cd76d3181cc00

  • SHA1

    1b414131bffc995cc9d4028046c622940a1d20a0

  • SHA256

    95f95981296cfb24133b2c9b4e089630409df80a4c5e0bdcedaa4db91fca0f4d

  • SHA512

    2e8cdd45cbfaca6f53f850dd195210fa7f522d81ea3154b1ebe96f5fccc8e6adb6a2abda6d7dc86de91af2c946efe9ccfe21800cd1fb2667d9ae6a58deb907be

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/ZK:AEwVs+0jNDY1qi/q0

Malware Config

Signatures

  • Detects MyDoom family 7 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

  • Mydoom family
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 23 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95f95981296cfb24133b2c9b4e089630409df80a4c5e0bdcedaa4db91fca0f4dN.exe
    "C:\Users\Admin\AppData\Local\Temp\95f95981296cfb24133b2c9b4e089630409df80a4c5e0bdcedaa4db91fca0f4dN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:4472

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9IEW0KLU\default[2].htm

    Filesize

    312B

    MD5

    c15952329e9cd008b41f979b6c76b9a2

    SHA1

    53c58cc742b5a0273df8d01ba2779a979c1ff967

    SHA256

    5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

    SHA512

    6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L6PPXFHA\default[1].htm

    Filesize

    315B

    MD5

    14b82aec966e8e370a28053db081f4e9

    SHA1

    a0f30ebbdb4c69947d3bd41fa63ec4929dddd649

    SHA256

    202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf

    SHA512

    ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L6PPXFHA\default[6].htm

    Filesize

    310B

    MD5

    2a8026547dafd0504845f41881ed3ab4

    SHA1

    bedb776ce5eb9d61e602562a926d0fe182d499db

    SHA256

    231fe7c979332b82ceccc3b3c0c2446bc2c3cab5c46fb7687c4bb579a8bba7ce

    SHA512

    1f6fa43fc0cf5cbdb22649a156f36914b2479a93d220bf0e23a32c086da46dd37e8f3a789e7a405abef0782e7b3151087d253c63c6cefcad10fd47c699fbcf97

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKYZDMA5\default[1].htm

    Filesize

    302B

    MD5

    e3ce7b4e89668aaf9e0a6de317575af8

    SHA1

    a08cffbde120781baf281f4a7653980197283971

    SHA256

    e014684b9f80308ceb8807a3580fcf948923f3a1b8a3ea84982c664362feda1b

    SHA512

    9d7e129ea739ff87eca236ff117afaa09eb0f71bae9af9d22b7cadf5c8a71054c35561df744c9d335579f4b6980d2722a316b9720420003efa684ababb9ee9c4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKYZDMA5\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Temp\plqrk.log

    Filesize

    320B

    MD5

    63fb51dc7f97a6bf1860cbe7bb206138

    SHA1

    108f596a153c3f117c469ea511a918eb17d74383

    SHA256

    1dcd72a295c9eedba8de55456cbbc24c164c0b820a19fd59f4796c5c41668836

    SHA512

    27e9dcb18a8f7b3fb9338e800de85ce639a0c00398e4775198259fea5916c5132af3a1f1cbf5d3eeb51bd4b1190887daed7f841fac30c7724ee37aa26ce3b11e

  • C:\Users\Admin\AppData\Local\Temp\tmp465D.tmp

    Filesize

    29KB

    MD5

    bbb09298b11d80d810eef8be1abb0830

    SHA1

    739984021570c8ca003abe2966d5ccb607f406f3

    SHA256

    a292903d02e6756eefc26c36a358a74aca09379eb66e8b8b7e012d03d49bf895

    SHA512

    04a8d673e6a2ea8139cf6746a63d4cbbf037c98f66526e0b0c57b8d572cca68d323c070f69aebd4d930ba1d27ecb555051159cf43b3f6ba712a28f68f719dc7c

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    06143a379c09490399d0c73af664ed13

    SHA1

    29ef1abe7fef8530a23bd62abe7e67d5f02dd662

    SHA256

    8c27889ab239a1c6a4165449f3d3acd9ac863193ce65eae012603b170d01a5ba

    SHA512

    fb6bf9355fc1a48ae051d08a592d4820e4d0f644f313fc1fc7ed5935dcb20b3c047a53c55b3afe337811e1f0b1ab548b24ed90c32e523948e50517e2fe5bd067

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    0c58d5c15998d55c0f713508de326ef6

    SHA1

    825b1877dd6ad245e3d47c715c385a3504031c88

    SHA256

    dec8c8a7928fb3673f514a713276fab889779f3dfaa49d5b59b3622b2764d027

    SHA512

    2ce5fd16a5578a7890259cba904afc196e754d0107ae08996316f8d5671d8ea981792e7a7083c7d4340882b79037227342783106951fcc8c51e052a73a75f470

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    d36778f04991360f76b476ad29c9bab1

    SHA1

    f180797560483a575513122db6549b98b6701601

    SHA256

    c30a969c8c009ee094df365e8e558cece9028accf1de5517d8a0e6d875a0d2dd

    SHA512

    a7fedfe489d22bb664901bbf11b19f5bf6c88a19ca88d428f879fcdc243dfead1dc0b3f8907560203857c22921e059a78f54c1a643101b08b99100326433e898

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2
