Overview

overview

10

Static

static

5

57dac74af2...1N.exe

windows7-x64

10

57dac74af2...1N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2024 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57dac74af2bed7168ad697803bb3dcea0fe4e6e3ed0dbac57cfa39078bf79621N.exe

  • Size

    29KB

  • MD5

    2e9dc5875437b85bad090beea11fac40

  • SHA1

    d410efd4f475c8aef3b6d4ead404d6263b99ca7f

  • SHA256

    57dac74af2bed7168ad697803bb3dcea0fe4e6e3ed0dbac57cfa39078bf79621

  • SHA512

    aac8a68f9ffc38f2cd1d08ee9c07e9a35ca29453d5411ba507ac91a2deea99a9ad45fc3e36643548792cdd82686504d04e5ef8390a450a5fabcae8d8bba910fa

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/yL:AEwVs+0jNDY1qi/qKL

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 3 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57dac74af2bed7168ad697803bb3dcea0fe4e6e3ed0dbac57cfa39078bf79621N.exe
    "C:\Users\Admin\AppData\Local\Temp\57dac74af2bed7168ad697803bb3dcea0fe4e6e3ed0dbac57cfa39078bf79621N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp6EEF.tmp
    Filesize

    29KB

    MD5

    60a8d758c7e6d536c3a53ccf60ec21d3

    SHA1

    5199fb48707a537969e7af8db1a6782506a414ed

    SHA256

    79c0901f1e106be7009b9cb6829b11be3b62210d4fa6901d6b6098e0d79a5c35

    SHA512

    65fd75ab0e2c5c3202358dc161ec2c384547595919da55f9954b410ff40b57340c7041a4aee14929c77588c2b273b57fec1ff6c34d8e68564de40f95d0851a7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    352B

    MD5

    65aa32401a7414341385d19eed425d3f

    SHA1

    bfd22e99f6f794267724624a2470e57603f55802

    SHA256

    43481f2b168e33076ab42495c2cffe592efadcf2ea287c8d780fad2482ee63ca

    SHA512

    6f44cc4da3d6ecb125e0f710bf8d14990e7b77a8e0c5fe4c8173af1d3964fd67e71402e12e44581bcf2e3f2ee98230c269674aa89c83e93b4014606a5e2acc37

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/264-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-45-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-50-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-57-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/264-52-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2772-56-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2772-51-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2772-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2772-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download