10Analysis
-
max time kernel
150s -
max time network
175s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250207-en -
resource tags
arch:x64 arch:x86 image:win10ltsc2021-20250207-en locale:en-us os:windows10-ltsc 2021-x64 system -
submitted
10/02/2025, 04:34
Static task
static1
Behavioral task
behavioral1
Sample
VirusSign.2023.11.29/03ceea0ec59f89c49ba4357a83738d9d.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral2
Sample
VirusSign.2023.11.29/03d13a90719878d7a335bd8c5a0e4e1a.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral3
Sample
VirusSign.2023.11.29/03d2ad6a5f199b691d36e45d27801cee.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral4
Sample
VirusSign.2023.11.29/03d5f6bace8c6a0a2d14ef775d3c02d1.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral5
Sample
VirusSign.2023.11.29/03ed3d089e222fe691a1ce1ad04450a2.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral6
Sample
VirusSign.2023.11.29/03f25db066e67c1882cf9aed07a1694c.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral7
Sample
VirusSign.2023.11.29/03f939a6959a4bd81c622c3a2d8b8690.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral8
Sample
VirusSign.2023.11.29/042177a10a1a4cfd26c2caef9272e0c7.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral9
Sample
VirusSign.2023.11.29/042994e2bb89b9bc57e079d144152b36.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral10
Sample
VirusSign.2023.11.29/0445405bb7106522c0b2157809e4d5f8.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral11
Sample
VirusSign.2023.11.29/045d80d0973c5d854927b589b123f733.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral12
Sample
VirusSign.2023.11.29/047c2b7237010e343732b699d4b346f5.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral13
Sample
VirusSign.2023.11.29/047c7fed39ef255fecdd70e9a870ae19.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral14
Sample
VirusSign.2023.11.29/0483b1eb3211b96e7272d3dea3753eab.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral15
Sample
VirusSign.2023.11.29/0483de1a0d30f46fbff309fc8d87275f.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral16
Sample
VirusSign.2023.11.29/0491a5abd0712b38f24778e1346c0811.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral17
Sample
VirusSign.2023.11.29/04a2bc0c567a80f57b48e246b635045c.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral18
Sample
VirusSign.2023.11.29/04b493b52f4b83a142a4979585575ea0.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral19
Sample
VirusSign.2023.11.29/04c187920db980d8db16c5acb58049ae.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral20
Sample
VirusSign.2023.11.29/04cdfdef32e604c59822bff2f7412eb2.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral21
Sample
VirusSign.2023.11.29/04d04a21b82309118775bdaff8a4d67d.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral22
Sample
VirusSign.2023.11.29/04d25950be48329252ec8b3d53535596.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral23
Sample
VirusSign.2023.11.29/04f06e5d9023ab4d69946c84cdc79ee4.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral24
Sample
VirusSign.2023.11.29/04f43cc6be15c60aeb943bbe5bd3973a.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral25
Sample
VirusSign.2023.11.29/0517d55470df3590c88f39d41a416047.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral26
Sample
VirusSign.2023.11.29/053bfcaa44a2c180bee9c2547b910919.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral27
Sample
VirusSign.2023.11.29/054c96f764aef24cbdccec3be12e2350.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral28
Sample
VirusSign.2023.11.29/0563721a9ecf7d25f720e2069e24c7e1.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral29
Sample
VirusSign.2023.11.29/05639c84db366253210163a5c6c5f69b.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral30
Sample
VirusSign.2023.11.29/0576f4bbcb57c686dbfc66760a969b33.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral31
Sample
VirusSign.2023.11.29/05777e787a0105c14320a2426794b5b9.exe
Resource
win10ltsc2021-20250207-en
General
-
Target
VirusSign.2023.11.29/04c187920db980d8db16c5acb58049ae.exe
-
Size
29KB
-
MD5
04c187920db980d8db16c5acb58049ae
-
SHA1
80eb023fdc6fd7b7b0e576348afe0d7485007490
-
SHA256
901cb61d59c7292bc8dae4a997c10fc46908f7cdb1bffe7b4df7a868459aec88
-
SHA512
bf50729baa724759d57bf9d64d6d9453d03557dc0dc9e7998cff04a0a132b5133f651130bf39e2b6b0e56301b7e627e5a55101461bf5755fbcdfdf3cefd42f6b
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/T:AEwVs+0jNDY1qi/qr
Malware Config
Signatures
-
Detects MyDoom family 6 IoCs
resource yara_rule behavioral19/memory/1164-12-0x0000000000500000-0x0000000000510200-memory.dmp family_mydoom behavioral19/memory/1164-49-0x0000000000500000-0x0000000000510200-memory.dmp family_mydoom behavioral19/memory/1164-81-0x0000000000500000-0x0000000000510200-memory.dmp family_mydoom behavioral19/memory/1164-135-0x0000000000500000-0x0000000000510200-memory.dmp family_mydoom behavioral19/memory/1164-150-0x0000000000500000-0x0000000000510200-memory.dmp family_mydoom behavioral19/memory/1164-168-0x0000000000500000-0x0000000000510200-memory.dmp family_mydoom -
Mydoom family
-
Downloads MZ/PE file 1 IoCs
flow pid Process 29 3612 Process not Found -
Executes dropped EXE 1 IoCs
pid Process 3660 services.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" 04c187920db980d8db16c5acb58049ae.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" services.exe -
resource yara_rule behavioral19/memory/1164-0-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/files/0x0008000000027f49-4.dat upx behavioral19/memory/3660-5-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/1164-12-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/memory/3660-14-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-15-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-20-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-25-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-27-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-33-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-38-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-40-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-45-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/1164-49-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/memory/3660-50-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/files/0x000900000002873f-66.dat upx behavioral19/memory/1164-81-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/memory/3660-82-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/1164-135-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/memory/3660-136-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/1164-150-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/memory/3660-151-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/3660-164-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral19/memory/1164-168-0x0000000000500000-0x0000000000510200-memory.dmp upx behavioral19/memory/3660-169-0x0000000000400000-0x0000000000408000-memory.dmp upx -
Drops file in Windows directory 3 IoCs
description ioc Process File created C:\Windows\services.exe 04c187920db980d8db16c5acb58049ae.exe File opened for modification C:\Windows\java.exe 04c187920db980d8db16c5acb58049ae.exe File created C:\Windows\java.exe 04c187920db980d8db16c5acb58049ae.exe -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempts to gather information about the system language of the victim host in order to infer that host's geographical location.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 04c187920db980d8db16c5acb58049ae.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language services.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 2788 MicrosoftEdgeUpdate.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1164 wrote to memory of 3660 1164 04c187920db980d8db16c5acb58049ae.exe 84 PID 1164 wrote to memory of 3660 1164 04c187920db980d8db16c5acb58049ae.exe 84 PID 1164 wrote to memory of 3660 1164 04c187920db980d8db16c5acb58049ae.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\04c187920db980d8db16c5acb58049ae.exe"C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\04c187920db980d8db16c5acb58049ae.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1164 -
C:\Windows\services.exe"C:\Windows\services.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:3660
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-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⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2788
Downloads
-
Filesize
305B
MD5 157431349a057954f4227efc1383ecad
SHA1 69ccc939e6b36aa1fabb96ad999540a5ab118c48
SHA256 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac
SHA512 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284
-
Filesize
25B
MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1
-
Filesize
29KB
MD5 524fb42cb45aa0aac3e845b8f6440636
SHA1 c68715be14f8ccb6c502eb326cc7bdb84cb93459
SHA256 1b133d3097dfe7bf1f1f3783041e8a27fed2338d8d2b53e183fe30a445dc9c2a
SHA512 7d9891016f982fd4cf233597e0c65689da6304fac2875a3fd44c0358cb87b5ee07b9d7f516f813903ce5a5db1e00da0e629ec3f37fc2500db231e6043d37da77
-
Filesize
29KB
MD5 36a2c8065f8e7249fae028f1ac0b142a
SHA1 f85dc81aaaef87a1b466abdd72d797f678e78a87
SHA256 128e4a2952883f074d98c311a1e8d07c8d1225850ba83c2b2761aad8e1a40987
SHA512 04df44cf80dc790869ed5859c0e988aa3624908e3feac62b02de272d3982e4d038e6c1109e57595eefbd3740e4a49bfec2409b22377ee00a03831164c4238f03
-
Filesize
320B
MD5 8fce3b0d5072f4bff301365b23aa6bac
SHA1 66f8f3c82b56e29217ad13e946bd38f25a3b9d29
SHA256 d2a24a6c690f18595e3588ebcca6ed5f81a8967d8432a7e15267aa7bfb6aec06
SHA512 0037654c4c80127cb12a9e8dc59e1e53980f532f65c3aa393edb253309712f18311ec36b571416af695e57ff93ae108179cda0e415e5320468b508e97a3a9740
-
Filesize
320B
MD5 1e048c9e37e867312b562e09cde88912
SHA1 fc84e1f47eca5a408227ad69534a6e924fd6a39a
SHA256 7f56f5ff5fc609050b5b26b12ded819b3eab6c2893e3fcbdbde67eacf44e5f28
SHA512 27a3d09d121c1bf3b6539a78c7f8ebe1a577a1b3e38cbe05f62afb430c59119d23eb8c91296e3467165c6eefaf1a10b4f82e6ca4a3459ae6f3a36e914cca9fca
-
Filesize
320B
MD5 07e57c84765b74be47240d5ae6fb3d58
SHA1 17322ee64ecce4239956466290d7b6c1119a0da2
SHA256 173dc1261ebe47bffba46a3f85378e9a404c797ee266922d1f03fb584ac640b6
SHA512 20872ebc6b855d392d93f4753a6b7271335cbb8b6d8006976269374bb3f7098a77f441ac0fb7642eb7c8bf36ebf116bb9ed57e46ec450cb71a8ecf68f3833d24
-
Filesize
8KB
MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2