Overview

overview

10

Static

static

5

eff3426835...bN.exe

windows7-x64

10

eff3426835...bN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eff34268350cf03813fa33090de2ea8e8c41260cc919eff801352b9065abe14bN.exe

  • Size

    29KB

  • MD5

    104b1c23a763e80b0059134b79da0600

  • SHA1

    7ed8a55db7fd29a4ef94cf31d48b4a8e050b3b00

  • SHA256

    eff34268350cf03813fa33090de2ea8e8c41260cc919eff801352b9065abe14b

  • SHA512

    bc7b72fef27210066eb545f76af60f87c388dca550abd7e72a448ccc9e982a19c583483bdceac7a9afac606860db21a751cf3325cb906c62b96af3da84969254

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Ahg:AEwVs+0jNDY1qi/qIq

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 5 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eff34268350cf03813fa33090de2ea8e8c41260cc919eff801352b9065abe14bN.exe
    "C:\Users\Admin\AppData\Local\Temp\eff34268350cf03813fa33090de2ea8e8c41260cc919eff801352b9065abe14bN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp8B7D.tmp
    Filesize

    29KB

    MD5

    6a6384021b229acb2d9808fa246cc3d4

    SHA1

    abd679a2260885c38afc67d0b776b566d2580acd

    SHA256

    d295c78a2dd1d9b496c707a850e54173e141c3490d5c43abf0d77d2a17b204aa

    SHA512

    08ad445e4ff4b68d8af5dbcb84a03b8a240ab5aac922b91ac6e44d5ecb91e72eac12242036c97e1a54b425263d5168ea818a7854aa15831487409919494facb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    2970f760d7b1c6f8b82ac116994f2961

    SHA1

    adaf7d12b2f1ee1fb82c52a7a7ef62422047ddb1

    SHA256

    1832a0e9b2870db8011949cec411df138e66869596f4bff624259bec1906874f

    SHA512

    58e92c2287874c151d63c8e54b17f958de808b50acc29599f76221a29451da77a289095f570512d4dce626543c461dd99f60407eb4b0193b07fd5002b75af7e4

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1180-9-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1180-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1180-70-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-66-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-48-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1180-53-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-2-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-37-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-44-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-42-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-49-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-32-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-54-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-25-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-67-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-19-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-71-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download