Overview

overview

10

Static

static

5

7ad3ae9791...fc.exe

windows7-x64

10

7ad3ae9791...fc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2024 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe

  • Size

    29KB

  • MD5

    921834dfef5e09a6dc9de48231310c24

  • SHA1

    169de65f8a8b23a63a805992c7a38c7fad11eee9

  • SHA256

    7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc

  • SHA512

    12fc38fd3afedadac9df94ed287f92bee7b1634df8bb4782ea5e24bfda4c82ea8d9bcc6ed0fce2179224653650bb98b5ea4a9523585b8b7cddb8dcb1957e1366

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Thw:AEwVs+0jNDY1qi/q7W

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 2 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe
    "C:\Users\Admin\AppData\Local\Temp\7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:3368

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2YUS9Q6F\search[2].htm
    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmpBD3D.tmp
    Filesize

    29KB

    MD5

    921834dfef5e09a6dc9de48231310c24

    SHA1

    169de65f8a8b23a63a805992c7a38c7fad11eee9

    SHA256

    7ad3ae9791f9eb2a64865699518644ff46225afa298ed0fea5a0e631b275a3fc

    SHA512

    12fc38fd3afedadac9df94ed287f92bee7b1634df8bb4782ea5e24bfda4c82ea8d9bcc6ed0fce2179224653650bb98b5ea4a9523585b8b7cddb8dcb1957e1366

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    bf1fda362a8e5de0f59f6c2c9168ec28

    SHA1

    618b5714f1720137f26a02394a912a981e26950e

    SHA256

    39321ddd17095f504071d1c82dd297efcc4ff93ae45b898550ae8b9f73eb765e

    SHA512

    4e4a209a911959408135008f045608363eca8d51203d34ff90951f8b7ddbbb6ba8017ce801c8fc0faca946c46c04a0a89d9a884fd035898ec649772c9d65cb33

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/3368-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-45-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-50-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-52-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3368-57-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4888-56-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4888-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4888-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download