Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

0b2d726163...8N.exe

windows7-x64

10

0b2d726163...8N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/12/2024, 01:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe

  • Size

    29KB

  • MD5

    1d6d6d2bf2e6f25069ff0d5643189a50

  • SHA1

    8ab59a70eb0b24cc28b09eb8bf7c917b80ff7fbf

  • SHA256

    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298

  • SHA512

    43f8c0810e1988ae585e9c9a44f923a48c5774792aa93dcad96b4ab60803e908fe393de69f1248887dcc881fb2a6e26e43381b76f6b83f531750214e992a805f

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/b:AEwVs+0jNDY1qi/qT

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 6 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    "C:\Users\Admin\AppData\Local\Temp\0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2460

Network

  • flag-us
    DNS
    alumni.caltech.edu
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edumail protectionoutlookcom
  • flag-us
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.18
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.9.12
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.11.9
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.41.22
  • flag-us
    DNS
    gzip.org
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • flag-us
    DNS
    gzip.org
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    alumni.caltech.edu
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    204.13.239.180
  • 10.156.133.4:1034
    services.exe
    152 B
     3
  • 172.16.1.5:1034
    services.exe
    152 B
     3
  • 172.16.1.2:1034
    services.exe
    152 B
     3
  • 192.168.17.106:1034
    services.exe
    152 B
     3
  • 10.222.21.129:1034
    services.exe
    152 B
     3
  • 52.101.42.18:25
    alumni-caltech-edu.mail.protection.outlook.com
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    152 B
     3
  • 172.16.1.137:1034
    services.exe
    152 B
     3
  • 204.13.239.180:25
    alumni.caltech.edu
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    152 B
     3
  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    64 B
     126 B
     1
    1

    DNS Request

    alumni.caltech.edu

  • 8.8.8.8:53
    alumni-caltech-edu.mail.protection.outlook.com
    dns
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    92 B
     156 B
     1
    1

    DNS Request

    alumni-caltech-edu.mail.protection.outlook.com

    DNS Response

    52.101.42.18
    52.101.9.12
    52.101.11.9
    52.101.41.22

  • 8.8.8.8:53
    gzip.org
    dns
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

  • 8.8.8.8:53
    gzip.org
    dns
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

    DNS Response

    85.187.148.2

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    0b2d7261634f2913449e6645de6eb7086e15fbd7b8feb5b22c1ea3907de89298N.exe
    64 B
     80 B
     1
    1

    DNS Request

    alumni.caltech.edu

    DNS Response

    204.13.239.180

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp211B.tmp
    Filesize

    29KB

    MD5

    71ffc7e6f490854a5437d7a23e2673f8

    SHA1

    67159bfbf6a0574b0aa4afe6d9b236404dfdd464

    SHA256

    588092fab9253263d5dcbaa42ebb8df1682da342577a4acee5d3bd70e63db3ae

    SHA512

    8dca875ea3c25d8c48b838bc06240549ebfe834ab2993e54aa4dd84082654c1bcbcfad2b7f7f1eb1ba6e8d5d8db0e4cbaa1836dc1639b4fecd35176e85406817

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    3892126e65f7fd1f143b23e048124cd8

    SHA1

    1544502e52bba2d1ef969977d133051980cc297c

    SHA256

    e9b33f5485a48f87d1e34e3cfab315dd243e2e2b11aa473d1e096c8176c7f832

    SHA512

    cf9599deac1a60247467a96a36df931b0eb4316e9076683eb551f796ec9e896ffa32fa42fb57abaa4b62e61a3b80bb52aad09ea929898cd3b02fc89d2cf53a91

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/2460-37-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-44-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-80-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-25-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-32-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-75-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-42-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-73-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2460-49-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2488-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-9-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2488-4-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2488-72-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-43-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-74-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-2-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-79-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-17-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.