Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    16-12-2024 23:54

General

  • Target

    77a48a207b6422159d34da82f3f51e1d06ae410442b1ac8c63cd1c3e2e67d051.exe

  • Size

    29KB

  • MD5

    120c9a26d054883386ffff27829ada18

  • SHA1

    ec30b77106ae777e32c0efd6babf57e75026b14e

  • SHA256

    77a48a207b6422159d34da82f3f51e1d06ae410442b1ac8c63cd1c3e2e67d051

  • SHA512

    a416884e3b9c7a9fd44acfc6607d78a1ed766e165e3fe701713d09a2f6110644d3093b5febbf0a67be0ab0f2f6fddbf1fafc953285b4121709efe6343ca542c9

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9//L:AEwVs+0jNDY1qi/q7

Malware Config

Signatures

  • Detects MyDoom family 9 IoCs
  • MyDoom

    MyDoom is a worm written in C++.

  • Mydoom family
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 28 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77a48a207b6422159d34da82f3f51e1d06ae410442b1ac8c63cd1c3e2e67d051.exe
    "C:\Users\Admin\AppData\Local\Temp\77a48a207b6422159d34da82f3f51e1d06ae410442b1ac8c63cd1c3e2e67d051.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2176

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    63a05fc9d93edf1a44090761a3acad62

    SHA1

    b1e736275b4699aefd9af6ebbcd0f351bed05c4c

    SHA256

    3df7c95d932380a1d5ae5fd7af8f1f84213616797d0c528db50738eede742ff0

    SHA512

    a5b51c7faf70b1c1700e3b334698d25cbde372a25f1b37195bb6f8d9ba2c57d90b6a5d525a763f3451671b249a30c0db085317edb5f128ca9ec224897a0c3ac8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fa13dea75439f2bef892564fced09591

    SHA1

    0dd493287bd10353c0665959edeb9c3671407151

    SHA256

    4bf8baeebf8fd6c00f49a1559588c52cf0d41203abcf9b855f492c3c135ab9bc

    SHA512

    b6ac2bb70fcbcce03d88fddf6af31d588a4da6586a2be92db8607b10ddf20b9b14616ae94bed2b1b160fefacb487717dce35cd5c0f782a4b8d7b262c9ec4d2f0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\search[1].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Temp\CabF300.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarF303.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\tmpEAFD.tmp

    Filesize

    29KB

    MD5

    b79952ece8bd16ea543eea917a2d71d0

    SHA1

    b90306bde2afc590265364986afd2413717c9e00

    SHA256

    74931428b31a1b75d65c39d3ac2e6fac9d21bcbaf8a4c6a68d14e6f7ec5abb4f

    SHA512

    67bb0ebfb7f5f80a9567079ae245aab3c3ff7f082975cb7f77853110bb19cab743b79d908fb4123c6d133be21e3c29e150eb8e251c6ad7086d862acc1bc953ce

  • C:\Users\Admin\AppData\Local\Temp\w4ihiaNhc.log

    Filesize

    320B

    MD5

    a02a8710342b04e3e0a3ae059dd99ae6

    SHA1

    1a0761e98b2557caa40ee4ee376289a299b39e57

    SHA256

    b114aeeecfe11affbdc1d316e873b226ed0324ea784d19fad899111635022daf

    SHA512

    64804837d664f6c960eb831788a7a1112e7c2eefc7afd6110a7e21a0aea1b06bd751e94a2dbff10b7063a9bdf1c1858247afb2e4a0f1624fe4d9ca04135cc34f

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    0487d0da2a9503ba491a5a4dcbdab715

    SHA1

    d49737984f3a645856138d8c06ed35ba03ec50da

    SHA256

    97b40bf44a5123bcc184f709a9b25aa2796fcb7714700f54b990fe88bb8086a7

    SHA512

    8fa49ee71bf99f152fea58b79a879cb737871eabf0e7efaf19b3edd9c48405e96fa77fc4233e99719a00756fe20c2147647537d5a02f90df1892b16060350b40

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    352B

    MD5

    846e04794934a1e93bbb33013b521835

    SHA1

    82d5286ef5dc2b8bec84ced6d3aed020b08eed91

    SHA256

    dc5fd249f0eb683f8ac5a9c946cb85ffd27076ad33b6f33c1e61283ac114650a

    SHA512

    a226d2c5fe1e296db0eff7caa46b7fa57b446cc5dac5b57d99eae37322333802aadc45154e66ca1d534d1964d6d98eb5cba341b225a21b7af735cc788aca6093

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/1848-86-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1848-233-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-9-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1848-43-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1848-45-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-17-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1848-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-81-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-69-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-76-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1848-74-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2176-32-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-87-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-77-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-75-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-22-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-89-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-82-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-27-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-46-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-44-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-39-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-11-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-234-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2176-34-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB