Analysis (score 10)
- Max time kernel: 150s
- Max time network: 188s
- Platform: windows10-ltsc 2021_x64
- Resource: win10ltsc2021-20250207-en
- Resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250207-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- Submitted: 10/02/2025, 04:34
Static task: static1

Behavioral tasks (task: sample / resource):
- behavioral1: VirusSign.2023.11.29/03ceea0ec59f89c49ba4357a83738d9d.exe / win10ltsc2021-20250207-en
- behavioral2: VirusSign.2023.11.29/03d13a90719878d7a335bd8c5a0e4e1a.exe / win10ltsc2021-20250207-en
- behavioral3: VirusSign.2023.11.29/03d2ad6a5f199b691d36e45d27801cee.exe / win10ltsc2021-20250207-en
- behavioral4: VirusSign.2023.11.29/03d5f6bace8c6a0a2d14ef775d3c02d1.exe / win10ltsc2021-20250128-en
- behavioral5: VirusSign.2023.11.29/03ed3d089e222fe691a1ce1ad04450a2.exe / win10ltsc2021-20250207-en
- behavioral6: VirusSign.2023.11.29/03f25db066e67c1882cf9aed07a1694c.exe / win10ltsc2021-20250207-en
- behavioral7: VirusSign.2023.11.29/03f939a6959a4bd81c622c3a2d8b8690.exe / win10ltsc2021-20250207-en
- behavioral8: VirusSign.2023.11.29/042177a10a1a4cfd26c2caef9272e0c7.exe / win10ltsc2021-20250207-en
- behavioral9: VirusSign.2023.11.29/042994e2bb89b9bc57e079d144152b36.exe / win10ltsc2021-20250207-en
- behavioral10: VirusSign.2023.11.29/0445405bb7106522c0b2157809e4d5f8.exe / win10ltsc2021-20250207-en
- behavioral11: VirusSign.2023.11.29/045d80d0973c5d854927b589b123f733.exe / win10ltsc2021-20250207-en
- behavioral12: VirusSign.2023.11.29/047c2b7237010e343732b699d4b346f5.exe / win10ltsc2021-20250207-en
- behavioral13: VirusSign.2023.11.29/047c7fed39ef255fecdd70e9a870ae19.exe / win10ltsc2021-20250207-en
- behavioral14: VirusSign.2023.11.29/0483b1eb3211b96e7272d3dea3753eab.exe / win10ltsc2021-20250207-en
- behavioral15: VirusSign.2023.11.29/0483de1a0d30f46fbff309fc8d87275f.exe / win10ltsc2021-20250207-en
- behavioral16: VirusSign.2023.11.29/0491a5abd0712b38f24778e1346c0811.exe / win10ltsc2021-20250207-en
- behavioral17: VirusSign.2023.11.29/04a2bc0c567a80f57b48e246b635045c.exe / win10ltsc2021-20250207-en
- behavioral18: VirusSign.2023.11.29/04b493b52f4b83a142a4979585575ea0.exe / win10ltsc2021-20250207-en
- behavioral19: VirusSign.2023.11.29/04c187920db980d8db16c5acb58049ae.exe / win10ltsc2021-20250207-en
- behavioral20: VirusSign.2023.11.29/04cdfdef32e604c59822bff2f7412eb2.exe / win10ltsc2021-20250207-en
- behavioral21: VirusSign.2023.11.29/04d04a21b82309118775bdaff8a4d67d.exe / win10ltsc2021-20250207-en
- behavioral22: VirusSign.2023.11.29/04d25950be48329252ec8b3d53535596.exe / win10ltsc2021-20250128-en
- behavioral23: VirusSign.2023.11.29/04f06e5d9023ab4d69946c84cdc79ee4.exe / win10ltsc2021-20250207-en
- behavioral24: VirusSign.2023.11.29/04f43cc6be15c60aeb943bbe5bd3973a.exe / win10ltsc2021-20250207-en
- behavioral25: VirusSign.2023.11.29/0517d55470df3590c88f39d41a416047.exe / win10ltsc2021-20250207-en
- behavioral26: VirusSign.2023.11.29/053bfcaa44a2c180bee9c2547b910919.dll / win10ltsc2021-20250207-en
- behavioral27: VirusSign.2023.11.29/054c96f764aef24cbdccec3be12e2350.exe / win10ltsc2021-20250128-en
- behavioral28: VirusSign.2023.11.29/0563721a9ecf7d25f720e2069e24c7e1.exe / win10ltsc2021-20250207-en
- behavioral29: VirusSign.2023.11.29/05639c84db366253210163a5c6c5f69b.exe / win10ltsc2021-20250207-en
- behavioral30: VirusSign.2023.11.29/0576f4bbcb57c686dbfc66760a969b33.exe / win10ltsc2021-20250207-en
- behavioral31: VirusSign.2023.11.29/05777e787a0105c14320a2426794b5b9.exe / win10ltsc2021-20250207-en
General
- Target: VirusSign.2023.11.29/03d13a90719878d7a335bd8c5a0e4e1a.exe
- Size: 29KB
- MD5: 03d13a90719878d7a335bd8c5a0e4e1a
- SHA1: 9cb377718876d2c63c7dca22ab2cf99db12578f6
- SHA256: 9256e4d607cc1e19d787472563b5862818027538515cea37da7aca75e4be8414
- SHA512: 310db916e24a4c92c1291367fc1e96c8cf56d9b243bbdc59bc452c1a4539bfb2f61b1d146c487319fa7aa20ec72d32d166f502f880b171de654acb034538ab7c
- SSDEEP: 768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/mJW:AEwVs+0jNDY1qi/qz
Malware Config
Signatures
- Detects MyDoom family (5 IoCs)
  resource / yara_rule:
  - behavioral2/memory/4084-12-0x0000000000500000-0x0000000000510200-memory.dmp / family_mydoom
  - behavioral2/memory/4084-55-0x0000000000500000-0x0000000000510200-memory.dmp / family_mydoom
  - behavioral2/memory/4084-95-0x0000000000500000-0x0000000000510200-memory.dmp / family_mydoom
  - behavioral2/memory/4084-150-0x0000000000500000-0x0000000000510200-memory.dmp / family_mydoom
  - behavioral2/memory/4084-164-0x0000000000500000-0x0000000000510200-memory.dmp / family_mydoom
- Mydoom family
- Downloads MZ/PE file (1 IoC)
  flow / pid / Process:
  - 18 / 3240 / Process not Found
- Executes dropped EXE (1 IoC)
  pid / Process:
  - 1772 / services.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description / ioc / Process:
  - Set value (str) / \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" / 03d13a90719878d7a335bd8c5a0e4e1a.exe
  - Set value (str) / \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" / services.exe
- YARA rule upx matches
  resource / yara_rule:
  - behavioral2/memory/4084-0-0x0000000000500000-0x0000000000510200-memory.dmp / upx
  - behavioral2/files/0x000b000000027e31-4.dat / upx
  - behavioral2/memory/1772-5-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/4084-12-0x0000000000500000-0x0000000000510200-memory.dmp / upx
  - behavioral2/memory/1772-14-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-15-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-20-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-25-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-27-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-32-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-37-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-39-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-44-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-49-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/1772-51-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/4084-55-0x0000000000500000-0x0000000000510200-memory.dmp / upx
  - behavioral2/memory/1772-56-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/files/0x000b0000000286c1-78.dat / upx
  - behavioral2/memory/4084-95-0x0000000000500000-0x0000000000510200-memory.dmp / upx
  - behavioral2/memory/1772-96-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/4084-150-0x0000000000500000-0x0000000000510200-memory.dmp / upx
  - behavioral2/memory/1772-151-0x0000000000400000-0x0000000000408000-memory.dmp / upx
  - behavioral2/memory/4084-164-0x0000000000500000-0x0000000000510200-memory.dmp / upx
  - behavioral2/memory/1772-165-0x0000000000400000-0x0000000000408000-memory.dmp / upx
- Drops file in Windows directory (3 IoCs)
  description / ioc / Process:
  - File created / C:\Windows\services.exe / 03d13a90719878d7a335bd8c5a0e4e1a.exe
  - File opened for modification / C:\Windows\java.exe / 03d13a90719878d7a335bd8c5a0e4e1a.exe
  - File created / C:\Windows\java.exe / 03d13a90719878d7a335bd8c5a0e4e1a.exe
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description / ioc / Process:
  - Key opened / \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language / 03d13a90719878d7a335bd8c5a0e4e1a.exe
  - Key opened / \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language / services.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description / pid / Process / procid_target:
  - PID 4084 wrote to memory of 1772 / 4084 / 03d13a90719878d7a335bd8c5a0e4e1a.exe / 89
  - PID 4084 wrote to memory of 1772 / 4084 / 03d13a90719878d7a335bd8c5a0e4e1a.exe / 89
  - PID 4084 wrote to memory of 1772 / 4084 / 03d13a90719878d7a335bd8c5a0e4e1a.exe / 89
Processes
- C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\03d13a90719878d7a335bd8c5a0e4e1a.exe (PID 4084)
  Command line: "C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\03d13a90719878d7a335bd8c5a0e4e1a.exe"
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Windows\services.exe (PID 1772)
    Command line: "C:\Windows\services.exe"
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 25B
  MD5: 8ba61a16b71609a08bfa35bc213fce49
  SHA1: 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
  SHA256: 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
  SHA512: 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1
- Filesize: 29KB
  MD5: 12a19dfac3cbdc8e99daceb12c831fea
  SHA1: 2b0ccef9eec73ec6a980889e2d4bb7083f0fca1b
  SHA256: de952ac43d921bf6522dc6796f6a492bb1acccf573ce9e00906626b00c4f963b
  SHA512: 47f689482ec7cc40b32534b17eddad1924d9905a42ffc2521a626cd6b48fb350b0299c7da6291392be857252f27a2d2a1670430ed86c881f88f748705ec4293a
- Filesize: 320B
  MD5: 9912abddfd948ed1857e9381d60bf42f
  SHA1: 7996570b089be15e5db2f7463bd2e85fb33a54f7
  SHA256: 144c234e85be191e238e3590b553f0251cd8b144c237357aa7511b6080c728ba
  SHA512: 4246c3c50acb004d88f16b784769e6c0663e96116329560721674ce75effedb8d3fddb70bb7eb000d2b84398b2e0f3d516be9c9fa5eb00dedbce8a3e721ed65a
- Filesize: 320B
  MD5: 48ff17149dbd962a083a9169e8de1c6f
  SHA1: f43bf6fb931fcdcf480f9096975404144c39959c
  SHA256: 89673ec8d4bdb11b13f402754b7c313c21da1a69b337073b49f2e6d3eb75ed91
  SHA512: 4018640512d96b19833aabe557f81d597a5163d86c7dadfcc128f1f38f8629b4a14fb1dea41148a9636a9c58a5b0ad0db800190b0bd29f6531c37f3bf87e9d9f
- Filesize: 8KB
  MD5: b0fe74719b1b647e2056641931907f4a
  SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
  SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
  SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2