Overview
overview
10Static
static
10Ultimate-D...AT.dll
windows7-x64
3Ultimate-D...AT.dll
windows10-2004-x64
3Ultimate-D...rp.exe
windows7-x64
6Ultimate-D...rp.exe
windows10-2004-x64
6Ultimate-D...eR.exe
windows7-x64
7Ultimate-D...eR.exe
windows10-2004-x64
7Ultimate-D...ub.exe
windows7-x64
3Ultimate-D...ub.exe
windows10-2004-x64
3Ultimate-D...eg.exe
windows7-x64
3Ultimate-D...eg.exe
windows10-2004-x64
3Ultimate-D...ib.exe
windows7-x64
1Ultimate-D...ib.exe
windows10-2004-x64
3Ultimate-D...eR.exe
windows7-x64
7Ultimate-D...eR.exe
windows10-2004-x64
7Ultimate-D...ub.exe
windows7-x64
3Ultimate-D...ub.exe
windows10-2004-x64
3Ultimate-D...60.exe
windows7-x64
1Ultimate-D...60.exe
windows10-2004-x64
3Ultimate-D...m3.exe
windows7-x64
6Ultimate-D...m3.exe
windows10-2004-x64
6Ultimate-D...42.exe
windows7-x64
3Ultimate-D...42.exe
windows10-2004-x64
3Ultimate-D...er.exe
windows7-x64
7Ultimate-D...er.exe
windows10-2004-x64
7Ultimate-D...rp.dll
windows7-x64
1Ultimate-D...rp.dll
windows10-2004-x64
1Ultimate-D...ox.exe
windows7-x64
3Ultimate-D...ox.exe
windows10-2004-x64
3Ultimate-D...it.dll
windows7-x64
1Ultimate-D...it.dll
windows10-2004-x64
1Ultimate-D...er.exe
windows7-x64
7Ultimate-D...er.exe
windows10-2004-x64
7Analysis
-
max time kernel
143s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
01-01-2025 04:04
Behavioral task
behavioral1
Sample
Ultimate-DDoS-Attack-Tools-Pack/BBHH-Ultra DoS/COMCAT.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
Ultimate-DDoS-Attack-Tools-Pack/BBHH-Ultra DoS/COMCAT.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/CefSharp.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/CefSharp.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/DaRKDDoSeR.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/DaRKDDoSeR.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/Stub.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/Stub.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/ffmpeg.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/ffmpeg.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/lib.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral12
Sample
Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/lib.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/DaRKDDoSeR.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral14
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/DaRKDDoSeR.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/Stub.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/Stub.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/ldap60.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral18
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/ldap60.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/nssdbm3.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/nssdbm3.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/vcruntime142.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral22
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/vcruntime142.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dos Attacker Alpha 1.1/Black Mamba Dos Attacker.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral24
Sample
Ultimate-DDoS-Attack-Tools-Pack/Dos Attacker Alpha 1.1/Black Mamba Dos Attacker.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/AngleSharp.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/AngleSharp.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/Qt5CoreVBox.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/Qt5CoreVBox.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/WPFToolkit.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/WPFToolkit.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/War Flooder.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
Ultimate-DDoS-Attack-Tools-Pack/War Flooder/War Flooder.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
Ultimate-DDoS-Attack-Tools-Pack/BBHH-Ultra DoS/COMCAT.dll
-
Size
21KB
-
MD5
3b180da2b50b954a55fe37afba58d428
-
SHA1
c2a409311853ad4608418e790621f04155e55000
-
SHA256
96d04cdfaf4f4d7b8722b139a15074975d4c244302f78034b7be65df1a92fd03
-
SHA512
cf94ad749d91169078b8829288a2fc8de86ec2fe83d89dc27d54d03c73c0deca66b5d83abbeaa1ff09d0acac4c4352be6502945b5187ecde952cbb08037d07e8
-
SSDEEP
384:23Fob3slaN3oF1fHICOoMzMv/QTIBjDVquODJXsUW7ftWs6:Yo7s28JnOxzMv/QsBjRqugXspd
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe -
Modifies registry class 15 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED8-2438-11CF-A3DB-080036F12502} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}\409 = "_Printable Objects" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502}\409 = "Embeddable Objects" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}\409 = "Controls" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002E005-0000-0000-C000-000000000046} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}\409 = "Automation Objects" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED8-2438-11CF-A3DB-080036F12502}\409 = "Document Objects" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4212 wrote to memory of 1772 4212 regsvr32.exe 84 PID 4212 wrote to memory of 1772 4212 regsvr32.exe 84 PID 4212 wrote to memory of 1772 4212 regsvr32.exe 84
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Ultimate-DDoS-Attack-Tools-Pack\BBHH-Ultra DoS\COMCAT.dll"1⤵
- Suspicious use of WriteProcessMemory
PID:4212 -
C:\Windows\SysWOW64\regsvr32.exe/s "C:\Users\Admin\AppData\Local\Temp\Ultimate-DDoS-Attack-Tools-Pack\BBHH-Ultra DoS\COMCAT.dll"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1772
-