Overview

overview

10

Static

static

10

VirusSign....9d.exe

windows10-ltsc 2021-x64

10

VirusSign....1a.exe

windows10-ltsc 2021-x64

10

VirusSign....ee.exe

windows10-ltsc 2021-x64

VirusSign....d1.exe

windows10-ltsc 2021-x64

10

VirusSign....a2.exe

windows10-ltsc 2021-x64

10

VirusSign....4c.exe

windows10-ltsc 2021-x64

10

VirusSign....90.exe

windows10-ltsc 2021-x64

10

VirusSign....c7.exe

windows10-ltsc 2021-x64

VirusSign....36.exe

windows10-ltsc 2021-x64

8

VirusSign....f8.exe

windows10-ltsc 2021-x64

10

VirusSign....33.exe

windows10-ltsc 2021-x64

10

VirusSign....f5.exe

windows10-ltsc 2021-x64

10

VirusSign....19.exe

windows10-ltsc 2021-x64

8

VirusSign....ab.exe

windows10-ltsc 2021-x64

10

VirusSign....5f.exe

windows10-ltsc 2021-x64

10

VirusSign....11.exe

windows10-ltsc 2021-x64

10

VirusSign....5c.exe

windows10-ltsc 2021-x64

VirusSign....a0.exe

windows10-ltsc 2021-x64

8

VirusSign....ae.exe

windows10-ltsc 2021-x64

10

VirusSign....b2.exe

windows10-ltsc 2021-x64

10

VirusSign....7d.exe

windows10-ltsc 2021-x64

10

VirusSign....96.exe

windows10-ltsc 2021-x64

7

VirusSign....e4.exe

windows10-ltsc 2021-x64

8

VirusSign....3a.exe

windows10-ltsc 2021-x64

10

VirusSign....47.exe

windows10-ltsc 2021-x64

10

VirusSign....19.dll

windows10-ltsc 2021-x64

8

VirusSign....50.exe

windows10-ltsc 2021-x64

10

VirusSign....e1.exe

windows10-ltsc 2021-x64

8

VirusSign....9b.exe

windows10-ltsc 2021-x64

10

VirusSign....33.exe

windows10-ltsc 2021-x64

10

VirusSign....b9.exe

windows10-ltsc 2021-x64

10

VirusSign....08.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    188s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250207-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    10/02/2025, 04:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusSign.2023.11.29/03d13a90719878d7a335bd8c5a0e4e1a.exe

  • Size

    29KB

  • MD5

    03d13a90719878d7a335bd8c5a0e4e1a

  • SHA1

    9cb377718876d2c63c7dca22ab2cf99db12578f6

  • SHA256

    9256e4d607cc1e19d787472563b5862818027538515cea37da7aca75e4be8414

  • SHA512

    310db916e24a4c92c1291367fc1e96c8cf56d9b243bbdc59bc452c1a4539bfb2f61b1d146c487319fa7aa20ec72d32d166f502f880b171de654acb034538ab7c

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/mJW:AEwVs+0jNDY1qi/qz

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 5 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\03d13a90719878d7a335bd8c5a0e4e1a.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\03d13a90719878d7a335bd8c5a0e4e1a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4084
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:1772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6MD069B5\search[1].htm
    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmpF9AE.tmp
    Filesize

    29KB

    MD5

    12a19dfac3cbdc8e99daceb12c831fea

    SHA1

    2b0ccef9eec73ec6a980889e2d4bb7083f0fca1b

    SHA256

    de952ac43d921bf6522dc6796f6a492bb1acccf573ce9e00906626b00c4f963b

    SHA512

    47f689482ec7cc40b32534b17eddad1924d9905a42ffc2521a626cd6b48fb350b0299c7da6291392be857252f27a2d2a1670430ed86c881f88f748705ec4293a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    9912abddfd948ed1857e9381d60bf42f

    SHA1

    7996570b089be15e5db2f7463bd2e85fb33a54f7

    SHA256

    144c234e85be191e238e3590b553f0251cd8b144c237357aa7511b6080c728ba

    SHA512

    4246c3c50acb004d88f16b784769e6c0663e96116329560721674ce75effedb8d3fddb70bb7eb000d2b84398b2e0f3d516be9c9fa5eb00dedbce8a3e721ed65a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    48ff17149dbd962a083a9169e8de1c6f

    SHA1

    f43bf6fb931fcdcf480f9096975404144c39959c

    SHA256

    89673ec8d4bdb11b13f402754b7c313c21da1a69b337073b49f2e6d3eb75ed91

    SHA512

    4018640512d96b19833aabe557f81d597a5163d86c7dadfcc128f1f38f8629b4a14fb1dea41148a9636a9c58a5b0ad0db800190b0bd29f6531c37f3bf87e9d9f

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1772-49-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-56-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-25-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-27-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-32-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-37-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-39-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-44-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-165-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-51-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-151-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-14-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1772-96-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4084-95-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4084-12-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4084-150-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4084-55-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4084-164-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/4084-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download