Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

pidujaglbstbz.exe

windows7-x64

10

pidujaglbstbz.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2025, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pidujaglbstbz.exe

  • Size

    65KB

  • MD5

    22b8951d084b1c03c65296963c279e93

  • SHA1

    9a98bfe0bbcc1c6bd7cfb3bbb0d700f8f331f13f

  • SHA256

    c223e1c1c0e0353806b01be751ce807243fee1d69cd2c2eb15cfbe4733b46cf9

  • SHA512

    9b2badc3a7686374ea6c515c00e3b9a6f13b3404cc4ef04bd87ded8507da5350ba11ed036d2d97bb085c1bc3bb2f26630a3765451f14b2591c799db3e336bc68

  • SSDEEP

    1536:ae8SMuDd+fK3F6Xs6Xj/rPl+oIvYTjipvFK:aeRrATPUPvYvQdK

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 2 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pidujaglbstbz.exe
    "C:\Users\Admin\AppData\Local\Temp\pidujaglbstbz.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\mjeep.dll
    Filesize

    7KB

    MD5

    d433b8aa0441b499d8b5571202dbf41b

    SHA1

    4abcf21e528c3c2d63ce1c07ab09a62a6227dd00

    SHA256

    28a6d87fc34228cfdedb63344aeb21484db2a2cbf929e11dbc332b968e800e92

    SHA512

    f9938b918d6317505d39ce85a5ed49a3b46d56d678ae1136dced2a18b10e71f250c400e614761c58d3606b6720a81d1ea794b1cfb698cd47e326081dde562e3d

    Download Submit

  • memory/2264-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2264-4-0x0000000000260000-0x0000000000267000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2264-9-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2264-10-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2264-11-0x0000000000260000-0x0000000000267000-memory.dmp

    Filesize

    28KB

    Download