Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

3edac7882c...d1.exe

windows7-x64

10

3edac7882c...d1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2024, 14:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe

  • Size

    29KB

  • MD5

    27365240150d434987cd06c1ce9c29b6

  • SHA1

    5f60689aeab4631374de7b701fc88dc58f8a9fe9

  • SHA256

    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1

  • SHA512

    03363cb4fab0b273cc90dd867ff1584352ae81331a3bb31c1187021ee6ee27f214945b85c0e322d3b982522f8791274f59abe9f6b54d6782e24bcf1a9c7ac0fb

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/yhx:AEwVs+0jNDY1qi/qKL

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 7 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    "C:\Users\Admin\AppData\Local\Temp\3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2816

Network

  • flag-us
    DNS
    alumni.caltech.edu
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edumail protectionoutlookcom
  • flag-us
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.9
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.41.26
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.194.19
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.10.18
  • flag-us
    DNS
    gzip.org
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • flag-us
    DNS
    gzip.org
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    alumni.caltech.edu
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    204.13.239.180
  • flag-us
    DNS
    mx.alumni.caltech.edu
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    mail.alumni.caltech.edu
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    smtp.alumni.caltech.edu
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.alumni.caltech.edu
    IN A
    Response
  • 172.16.1.3:1034
    services.exe
    152 B
     3
  • 192.168.56.176:1034
    services.exe
    152 B
     3
  • 10.135.189.123:1034
    services.exe
    152 B
     3
  • 192.168.144.131:1034
    services.exe
    152 B
     3
  • 10.127.0.6:1034
    services.exe
  • 52.101.42.9:25
    alumni-caltech-edu.mail.protection.outlook.com
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    152 B
     3
  • 10.135.150.237:1034
    services.exe
    152 B
     3
  • 204.13.239.180:25
    alumni.caltech.edu
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    152 B
     3
  • 10.202.221.84:1034
    services.exe
    152 B
     3
  • 10.135.150.237:1034
    services.exe
    52 B
     1
  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    64 B
     126 B
     1
    1

    DNS Request

    alumni.caltech.edu

  • 8.8.8.8:53
    alumni-caltech-edu.mail.protection.outlook.com
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    92 B
     156 B
     1
    1

    DNS Request

    alumni-caltech-edu.mail.protection.outlook.com

    DNS Response

    52.101.42.9
    52.101.41.26
    52.101.194.19
    52.101.10.18

  • 8.8.8.8:53
    gzip.org
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

  • 8.8.8.8:53
    gzip.org
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

    DNS Response

    85.187.148.2

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    64 B
     80 B
     1
    1

    DNS Request

    alumni.caltech.edu

    DNS Response

    204.13.239.180

  • 8.8.8.8:53
    mx.alumni.caltech.edu
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    67 B
     145 B
     1
    1

    DNS Request

    mx.alumni.caltech.edu

  • 8.8.8.8:53
    mail.alumni.caltech.edu
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    69 B
     147 B
     1
    1

    DNS Request

    mail.alumni.caltech.edu

  • 8.8.8.8:53
    smtp.alumni.caltech.edu
    dns
    3edac7882c676105838db860ba295e52cf9b4b8c0f57bfffcfbbbdf2fad870d1.exe
    69 B
     147 B
     1
    1

    DNS Request

    smtp.alumni.caltech.edu

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpE84E.tmp
    Filesize

    29KB

    MD5

    98b383e104addcb73ab00860f44e5eeb

    SHA1

    4533a74ec47e9bc5db6e6a733a5307fcaf425b48

    SHA256

    896ba1965a86d5aed110b7bac6e7c206c96b325616092e292482ea7e9c6631df

    SHA512

    0ac116a3b4f99d7782d39b26e026fba0b5dc5656ada443725c142a8d413853dcb4d15275127ca9e5f6292e6840da9e781a4717f0fa6a7ce4d9bed613cb27d0fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    8cb2dafc663a9b6eff791b87e20d679e

    SHA1

    179c183cb399730351a03a3fe46152872e5ccc9b

    SHA256

    5c1166b908bedb0594c18f46d00a63ed8b436e02fb816617d8216d779fcb83fc

    SHA512

    a197e14d49a2de628f2fe16d28795d58df4ad1564c81761c9dfbd7a2430c4352cf0b65268b5c19eced228207b36217247dddea19602121a2269c14d8f0291d26

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1600-17-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1600-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1600-2-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1600-85-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1600-78-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1600-73-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1600-69-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1600-4-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1600-10-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1600-48-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2816-44-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-49-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-54-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-37-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-32-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-42-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-25-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-79-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-81-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2816-86-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.