mydoom | f03d197752bb20c041b5bc91154d4258a43e7342564c6d52993d1a5d5c6ea703 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Email-Worm....Q.exe

windows7-x64

Email-Worm....Q.exe

windows10-2004-x64

Sharing

General

Target

f03d197752bb20c041b5bc91154d4258a43e7342564c6d52993d1a5d5c6ea703.zip
Size

52KB
Sample

250327-vpl8lsxmy8
MD5

138b1e1cfb6bba0af33214a4bbf86423
SHA1

441c8465cbb8291a511f8a722bd81b70126f08b6
SHA256

f03d197752bb20c041b5bc91154d4258a43e7342564c6d52993d1a5d5c6ea703
SHA512

8e3e2e04a25bca69e89515bb89724e78fc0d19ffd08a2b3b33ee804aa9d0288f9ae26fba436a9215be0cb92572adde654d7eb279f0ef78c14f7852e67b128ee9
SSDEEP

1536:1JJrCjAsH0GRTOXyRKu46LioXqRiEEwA+:lCA75yRPLiEqiE/A+

Score

10^/10

mydoom discovery persistence worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Email-Worm.MyDoom.Q.exe

Resource

win7-20240903-en

mydoom discovery persistence worm

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Email-Worm.MyDoom.Q.exe

Resource

win10v2004-20250314-en

mydoom discovery persistence worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Email-Worm.MyDoom.Q.exe
- Size
  
  69KB
- MD5
  
  90ed312f62273faf905bb1c84b373148
- SHA1
  
  e1e61ff9ee752bab865cdbcc60b984ef5dbf0f93
- SHA256
  
  a1bede9e51a9bd3595c079d505a96816de8575b6a87425b42325ed1b7598390d
- SHA512
  
  b832ac68b700afefee267ca491b639a11841f22a7c81fbac5e36a07bbedcbb117738d66ae96215708bba8524521b11e0751b967acc18018eedcc5de6fb1a9c69
- SSDEEP
  
  1536:/g7wc1aGNC0klI7CPN3uxP9YhzQ7p1whO3ylqva1WX+:I7wc1aOCo7C132PwG+O3yYxu
Score

10^/10

mydoom discovery persistence worm
- Detects MyDoom family
- MyDoom
  MyDoom is a Worm that is written in C++.
  worm mydoom
- Mydoom family
  mydoom
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mydoomdiscoverypersistenceworm

behavioral2

mydoomdiscoverypersistenceworm

© 2018-2025

Terms | Privacy