Overview

overview

10

Static

static

5

027c3d13bd...81.exe

windows7-x64

10

027c3d13bd...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2024 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    027c3d13bd5381fff17ad6d43b5b7d6b9d35c6dd4501a342520cb839fb0a5a81.exe

  • Size

    29KB

  • MD5

    3fca3af6921ad52fc013177775820581

  • SHA1

    8f0e7503a7a7cd3f1e4a207acc5ae489174355b7

  • SHA256

    027c3d13bd5381fff17ad6d43b5b7d6b9d35c6dd4501a342520cb839fb0a5a81

  • SHA512

    552f11ed8204f164726700695aa97cc1f6103c40d422f92228e380567e5b210c1953f129b908167c4e2221d2da6f237c95d7b766e7bc4f64ada309c19c392379

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/zhs:AEwVs+0jNDY1qi/q7+

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 6 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 22 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\027c3d13bd5381fff17ad6d43b5b7d6b9d35c6dd4501a342520cb839fb0a5a81.exe
    "C:\Users\Admin\AppData\Local\Temp\027c3d13bd5381fff17ad6d43b5b7d6b9d35c6dd4501a342520cb839fb0a5a81.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpDF3A.tmp
    Filesize

    29KB

    MD5

    7354135b0c746922fdd80d65eb71bf21

    SHA1

    116b8a193438fe0b0ac4b69908587b4859dec4b9

    SHA256

    07b0d1d7a6d6b79e096eccfeaf73e3f4bdc2b2c166ecf51ee2a65369d313f1c7

    SHA512

    94e0f14ab2715e64bffb2f0f714179b5638717066e54891f01a7117385218eca3a4cd4967f187485fcb310cf04c1474faa4bb5c7f60fba379f05993d8790c477

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    aa9e03e6e8d0f06435f95524919a813a

    SHA1

    27a3805ea8a4a2a85342de124ddbaf940a216823

    SHA256

    ce0724b91d9d698d30d7256d63f50be25ba6a4aa258836039fbc208b2b53d9d8

    SHA512

    fae34d2136f5c2cc9054b78799a70a2e561b4c86461886f31dbc32df7b030aeeb6f8c7df2e6c85486482242632bec55cbd08fe9edd882f286a7cdd4459863d7f

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1292-61-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1292-42-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1292-67-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1292-65-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1292-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1292-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1292-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1292-15-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1292-40-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2064-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-41-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-43-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-62-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-66-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-68-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2064-73-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download