Overview

overview

10

Static

static

5

20b72fbaf3...df.exe

windows7-x64

10

20b72fbaf3...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2024 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20b72fbaf3566c1786e005b651e09fac199ce2a1c4cbf60acf5a79e171ba37df.exe

  • Size

    29KB

  • MD5

    208bdcfa3fefd98a0206372d43caf6a9

  • SHA1

    34c6a174b8217cd776c3cc71111d3bd446775b6a

  • SHA256

    20b72fbaf3566c1786e005b651e09fac199ce2a1c4cbf60acf5a79e171ba37df

  • SHA512

    7ed29b4ce7f19aa754054303a584de6483a7a4d2c862b47f6671b65357867a225aaf16f456bdf1049c94db9615cf46a8b3c939562f35f26df03edb163e22a467

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/NhO:AEwVs+0jNDY1qi/qVw

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 6 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 23 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20b72fbaf3566c1786e005b651e09fac199ce2a1c4cbf60acf5a79e171ba37df.exe
    "C:\Users\Admin\AppData\Local\Temp\20b72fbaf3566c1786e005b651e09fac199ce2a1c4cbf60acf5a79e171ba37df.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp6634.tmp
    Filesize

    29KB

    MD5

    5a2b9e5802f91a7d873421d8bb6a433e

    SHA1

    67c716bb201717d72c38a6bb7e73143db82f7985

    SHA256

    a3a70296a999df656c6e6edd2eb6ffa20a78fda1639bb2a48c45f5b025426b45

    SHA512

    5157e1577b5bb3f90e4f49c464a4dd28facbade9eb0c77edb28bcdcb2f0e9fcb20711169e31c5fbe5c5dced5850860e256d525fa5de580349ce270cf6a3a4838

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    4f311cca3c7f6323a4b826759cd8ef52

    SHA1

    f708aa2ee60b6639a7a83d787aac658213df56f0

    SHA256

    3b459d60d7e860b8f541fe6af898d48784e13b2c097c3683c2a2cfe69b87f0f5

    SHA512

    3e67591ea5f762468370855242e93f36a3ed1277fdcf029751c7af953a93266f74cc18ab0557772d447712fb75c3980a3316190ef197d5bf1e0732d6c7f1522e

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/2568-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2568-70-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-63-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-58-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-56-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-30-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2572-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-57-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-59-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-64-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-69-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-71-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-76-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download