Analysis

  • max time kernel: 120s
  • max time network: 120s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 18-12-2024 05:34

General

  • Target: e4d211b85f29511eb9c6aec8fb2ce410dee096dbda1c0c8eed228dc4644a6cc6N.exe
  • Size: 29KB
  • MD5: 4b6f4d84b7235e5a82070c39fed9f6d0
  • SHA1: a4c6d63b15b7d62458e08c09cbf978feb50676f7
  • SHA256: e4d211b85f29511eb9c6aec8fb2ce410dee096dbda1c0c8eed228dc4644a6cc6
  • SHA512: 85388ad88d2ab7d34ca2b550c2224250ddea7be257adb37b7ec81044885b9ee39f6a7af60b04077ca8249b0bd0e928637e5186fa38264b8ed23374a4119cfe29
  • SSDEEP: 768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/uhQ:AEwVs+0jNDY1qi/qWm

Malware Config

Signatures

  • Detects MyDoom family (8 IoCs)
  • MyDoom

    MyDoom is a worm written in C++.

  • Mydoom family
  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • UPX packed file (24 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX variant.

  • Drops file in Windows directory (3 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4d211b85f29511eb9c6aec8fb2ce410dee096dbda1c0c8eed228dc4644a6cc6N.exe
    "C:\Users\Admin\AppData\Local\Temp\e4d211b85f29511eb9c6aec8fb2ce410dee096dbda1c0c8eed228dc4644a6cc6N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:1532

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8B3ZU6S9\default[3].htm
    Filesize: 304B
    MD5: cde2c6ec81201bdd39579745c69d502f
    SHA1: e025748a7d4361b2803140ed0f0abda1797f5388
    SHA256: a81000fc443c3c99e0e653cca135e16747e63bccebd5052ed64d7ae6f63f227f
    SHA512: de5ca6169b2bb42a452ebd2f92c23bad3a98c01845a875336d6affe7f0192c2782b1f66f149019c0b880410c836fc45b2e9157dcccc7ad0d9e5953521a2151d4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGDWJGSY\search[1].htm
    Filesize: 25B
    MD5: 8ba61a16b71609a08bfa35bc213fce49
    SHA1: 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
    SHA256: 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
    SHA512: 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Temp\tmp4CA6.tmp
    Filesize: 29KB
    MD5: c332b0d1eaa522012227531527ee67eb
    SHA1: 26ef2b95c9df50831d89c9f5919e0e1571f29034
    SHA256: 2541b67ee4909c66c2415826ebc28e7ed928b49a752d19b1a66d8093980b9b54
    SHA512: 66f30f1f718e2cf3037892055e3a379b2c3ec4931e5d5838539a72ef03ead34efd80f1208ac2768456b496e08d4bb33fb227173c56095f9c606ba1c7a900a5b5

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 320B
    MD5: 258176ac35e9c8a251a6f2ceaba9288d
    SHA1: 687497681de64ed1b864b004177003faa4727586
    SHA256: 7b3c7a4ba427e3774844dac68e313ea34c166d9a29c44a794ec885b7fd1e8eae
    SHA512: 4c1f52141351c3dd3de46d2d25a3da291c43994f227139d436901b237449d7b49bd0ff35e25903f48fedd3c7712d64d024f7c0a576a8c3654f774b2d054ca124

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 320B
    MD5: 216b20b0e984b2fd7911635137a1d7c1
    SHA1: cb02842216b48661821cafef0ea4ebc825171242
    SHA256: c0d59bc7a0ffdd741632e8497a70898cfa3a991d4ffdd95c8ef48caed80765ae
    SHA512: 4645f07163ed81be780b533bb7da8fa45ca30efd3366e9b44856a04247481f6886c6e8cb0a2619bf1c43f42d9112619bdb0c6f5bc5b3fafa933c24805da0a4e6

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 320B
    MD5: c990a6d859aae5a49ce86f0a4ae4d76e
    SHA1: f7220526a2d5656fcf44b399f2903e72ae347416
    SHA256: 88eaa23dbe3743073021e2d24b5f393afdb9cac7b5460162f8724d23d5b238ad
    SHA512: 9cd9083b5bfa002e786a183a4e77cc3935659c0402d9ed9f627e6405c98a0d208873b2591ec3833166cd6c999e9142c82989e1fde19081919d805e51f0f9d360

  • C:\Windows\services.exe
    Filesize: 8KB
    MD5: b0fe74719b1b647e2056641931907f4a
    SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
    SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
    SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/700-13-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-27-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-154-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-32-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-145-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-0-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-186-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-220-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/700-122-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/1532-21-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-124-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-33-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-146-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-150-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-28-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-155-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-26-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-16-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-187-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-15-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-7-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/1532-221-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)