Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

pidujaglbstbz.exe

windows7-x64

10

pidujaglbstbz.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2025, 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pidujaglbstbz.exe

  • Size

    65KB

  • MD5

    22b8951d084b1c03c65296963c279e93

  • SHA1

    9a98bfe0bbcc1c6bd7cfb3bbb0d700f8f331f13f

  • SHA256

    c223e1c1c0e0353806b01be751ce807243fee1d69cd2c2eb15cfbe4733b46cf9

  • SHA512

    9b2badc3a7686374ea6c515c00e3b9a6f13b3404cc4ef04bd87ded8507da5350ba11ed036d2d97bb085c1bc3bb2f26630a3765451f14b2591c799db3e336bc68

  • SSDEEP

    1536:ae8SMuDd+fK3F6Xs6Xj/rPl+oIvYTjipvFK:aeRrATPUPvYvQdK

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 15 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 3 IoCs
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pidujaglbstbz.exe
    "C:\Users\Admin\AppData\Local\Temp\pidujaglbstbz.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\System\ado\de-DE\zkpxnwsq.exe
    Filesize

    65KB

    MD5

    22b8951d084b1c03c65296963c279e93

    SHA1

    9a98bfe0bbcc1c6bd7cfb3bbb0d700f8f331f13f

    SHA256

    c223e1c1c0e0353806b01be751ce807243fee1d69cd2c2eb15cfbe4733b46cf9

    SHA512

    9b2badc3a7686374ea6c515c00e3b9a6f13b3404cc4ef04bd87ded8507da5350ba11ed036d2d97bb085c1bc3bb2f26630a3765451f14b2591c799db3e336bc68

    Download Submit

  • \Windows\SysWOW64\otay.dll
    Filesize

    8KB

    MD5

    4f5b6cc259f88424565c5b2719a6e5ab

    SHA1

    2240b7d1b1266f0a4f035838429f5dcac5d39a65

    SHA256

    463ca7f1f270a87525ce61b0d5a1e78e4dc3d3562d22a9fc06aa4a05a399db16

    SHA512

    d7c13b65a947d13f4bcfc4269b3a152bc1960b5d47ee0687bbb6a84eb00bffeb8af38bf1d85c2a15bb0f4b670645819c6ec01ca62584404a16a71eb35bd6cdcb

    Download Submit

  • memory/2488-40-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-47-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-13-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-14-0x0000000075000000-0x0000000075007000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2488-4-0x0000000075000000-0x0000000075007000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2488-22-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-29-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-34-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-12-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-51-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-57-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-101-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-228-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-251-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-257-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-264-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-269-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download