Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

b2bc421c92...bN.exe

windows7-x64

10

b2bc421c92...bN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2025, 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2bc421c922fc4241a6d02d9317137855b82b6859995f086ba46a9beb1176d2bN.exe

  • Size

    29KB

  • MD5

    48a24afd1d288487cf1f4eb28a5cc4a0

  • SHA1

    1f844cd02c7f98bd3965223cadd0ab16e475a26f

  • SHA256

    b2bc421c922fc4241a6d02d9317137855b82b6859995f086ba46a9beb1176d2b

  • SHA512

    134541aeadb0afd4b248a4470b5d5d25e75425b4c4fa415290bf9c5f2247c8180147dcc2f1508af1aba34d125bcabfcc2d34212c13db899fd314bac8b5573dbc

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/Dh3:AEwVs+0jNDY1qi/qbV

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 5 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2bc421c922fc4241a6d02d9317137855b82b6859995f086ba46a9beb1176d2bN.exe
    "C:\Users\Admin\AppData\Local\Temp\b2bc421c922fc4241a6d02d9317137855b82b6859995f086ba46a9beb1176d2bN.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:3232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpDCB1.tmp
    Filesize

    29KB

    MD5

    b96271ead272b274c464857e9770a2e5

    SHA1

    dbe7421e6416779176180310491bb89af01d586e

    SHA256

    3c7b8089865414d4f519200defd89d89d2ef2a442409889f3b17c00c48c817a5

    SHA512

    df70f284c9ce6d216961d062e0f13bab8707f3f445b8687a4edba3a67e21be7e3020029e3d5b4321f4e3ff4b312519c7bcf30580e4fde6d456efe6f8f8dfb15c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    ebb49dcb3bcfc0626df7f0d59d45178b

    SHA1

    2ccfd67efad464edd93d43156721057e9317e9a8

    SHA256

    260e4705b709f032d3f69bb0abcf87b2413efaed5d079a452465a5baccf96b2c

    SHA512

    d5e977c0ff541e3887cf424ddf32d8a096cbcec8d5673df38d64ea268bfadb78339e1f1927fe3397a1865eeb098e0c504148c8379979b4ad5e1d0c456c82ab8a

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/3232-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-137-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-132-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-130-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-45-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3232-7-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/5008-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/5008-129-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/5008-44-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/5008-131-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/5008-39-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/5008-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download