Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-12-2024 04:54
General
-
Target
c9538335efea0850c8c0d7ac5352557b75d379e1986cd3edf6f3aa98445d7211.exe
-
Size
29KB
-
MD5
8dd67b3c36b761a5085153694ba31601
-
SHA1
80572cef4c31aa01a479bde9c3a2cad7bfc09bf3
-
SHA256
c9538335efea0850c8c0d7ac5352557b75d379e1986cd3edf6f3aa98445d7211
-
SHA512
c8bdda3434babb0a2d1b25c1ae158f6e37c1a8ac5a2085add19e1b85063cfb7e14fd226c00c9841184249cf0c4d123ed906144d638a89694cdcfc81e8f948b31
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/H:AEwVs+0jNDY1qi/qf
Malware Config
Signatures
-
Detects MyDoom family 6 IoCs
-
MyDoom
MyDoom is a Worm that is written in C++.
-
Mydoom family
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9538335efea0850c8c0d7ac5352557b75d379e1986cd3edf6f3aa98445d7211.exe"C:\Users\Admin\AppData\Local\Temp\c9538335efea0850c8c0d7ac5352557b75d379e1986cd3edf6f3aa98445d7211.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\services.exe"C:\Windows\services.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
29KB
MD55056ca1ae90653b83a005155fcd6b10a
SHA14005041ddf382974b3ce9bf291ddc1570cd2c763
SHA256b9a9e7d16b56b40bef09ffc476f693a299d5398401742188d4871d6452d2f3ee
SHA51258ab94a10d068f08b9647c8cce33f1c76c89c6b366a4fb998d92396214bd436386f6cec1ed130cebbd77aed2bbdfb892fc0dcf34df57800c99514d3963cb385b
-
Filesize
320B
MD54e6f88bc5bd58168fa01f9325eea71df
SHA1a10cf96e657b2e1909d08417ff6df39d19a0deae
SHA2567e7cb95b50ff5e8d9419edc450eb507af6a0cf005b5c4c3eca44082d63125807
SHA512a5323ad429b6bd60586e51c8977428af40bba5376f36025a55f98afc79ad8fbbb5161a6a3f79d0720a0dc6f0cdd70bed3b1714ebc119af544df432150d13e28d
-
Filesize
320B
MD5476af9ac001e7fc86c15cdb20fae1faa
SHA13589dcdc4be7b915a62c15bc6c4296c38e1c7dd8
SHA256ab232a09fda8209179911d4262b7c81ceed16d84a54e0d04e45cb29930eb6644
SHA5121204e5836c72f09627ae851df1a553ef253c3743bfcb4bcb89ce6ba2fccb57e9c92738a3ed4aad0b925dbd606d0678553ad393d8cc1a72f4ed573c1ccf8f35d6
-
Filesize
8KB
MD5b0fe74719b1b647e2056641931907f4a
SHA1e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA5129c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB