Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

pidujaglbstbz.exe

windows7-x64

10

pidujaglbstbz.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2025, 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pidujaglbstbz.exe

  • Size

    65KB

  • MD5

    22b8951d084b1c03c65296963c279e93

  • SHA1

    9a98bfe0bbcc1c6bd7cfb3bbb0d700f8f331f13f

  • SHA256

    c223e1c1c0e0353806b01be751ce807243fee1d69cd2c2eb15cfbe4733b46cf9

  • SHA512

    9b2badc3a7686374ea6c515c00e3b9a6f13b3404cc4ef04bd87ded8507da5350ba11ed036d2d97bb085c1bc3bb2f26630a3765451f14b2591c799db3e336bc68

  • SSDEEP

    1536:ae8SMuDd+fK3F6Xs6Xj/rPl+oIvYTjipvFK:aeRrATPUPvYvQdK

Score
10/10
mydoomdiscoverypersistenceupxworm

Malware Config

Signatures

  • Detects MyDoom family 16 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

    wormmydoom
  • Mydoom family
    mydoom
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in System32 directory 3 IoCs
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pidujaglbstbz.exe
    "C:\Users\Admin\AppData\Local\Temp\pidujaglbstbz.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5144
    • C:\Windows\SysWOW64\notepad.exe
      notepad "C:\Users\Admin\AppData\Local\Temp\Mail"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\ink\es-ES\uvuh.exe
    Filesize

    65KB

    MD5

    22b8951d084b1c03c65296963c279e93

    SHA1

    9a98bfe0bbcc1c6bd7cfb3bbb0d700f8f331f13f

    SHA256

    c223e1c1c0e0353806b01be751ce807243fee1d69cd2c2eb15cfbe4733b46cf9

    SHA512

    9b2badc3a7686374ea6c515c00e3b9a6f13b3404cc4ef04bd87ded8507da5350ba11ed036d2d97bb085c1bc3bb2f26630a3765451f14b2591c799db3e336bc68

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Mail
    Filesize

    2KB

    MD5

    2e6441ee9dc156b538264f20cc365da9

    SHA1

    1f6b966f59bb5557b975d474203989e9108213e7

    SHA256

    8a95c25c949c3dfd1541e8c16cdee401fa57cea665585e7eae191b14ca4d3174

    SHA512

    1be3cc1f89c1adf1b2f7573b4b03d294c82c97aa6175f7a97f5a7a29c5cec9d7c7f74bd8c588be46890a942223c30a9d3226c8393d173eb2a606006986417bc5

    Download Submit

  • C:\Windows\SysWOW64\gvimmqsa.dll
    Filesize

    7KB

    MD5

    b6f4a8803812f794a71c0058641d345b

    SHA1

    578303a63fdfcad7b8a325b9b725f0759881dcf4

    SHA256

    efbaf53798000e3a31b24badbdf827727b698bdb41f0607400acae05d30f13ba

    SHA512

    3b915de249be0e85d1ffecc1364008f70eb057d3be768e38ff8b21e5a2027dd365abe543f946cf2c43bb3a5f9f99254160f01d5c0e82ce6c45bb7eae12515ac2

    Download Submit

  • memory/5144-170-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-191-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-83-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-91-0x0000000000510000-0x0000000000517000-memory.dmp

    Filesize

    28KB

    Download

  • memory/5144-92-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-145-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-163-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-177-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-7-0x0000000000510000-0x0000000000517000-memory.dmp

    Filesize

    28KB

    Download

  • memory/5144-196-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-203-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-205-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-207-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-209-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-211-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-213-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-227-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/5144-229-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download