File name: MM.exe
Full analysis: https://app.any.run/tasks/9dbece0d-1a52-4127-94be-00f63cdf8201
Verdict: Malicious activity
Analysis date: October 08, 2023, 10:08:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: mydoom, worm, netsky
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 90DE57F1AA8C16C1B5143A0EE42464A1
SHA1: 85466D751270D2FEBD570F193C1A1961FF1776BD
SHA256: 4F6EC0F7A933CACE3ADA84F9064D7208ED8FA8006836011606F7D185F4C60AC3
SSDEEP: 1536:QJheoUvcQ/3cbMZ8xLmqelCkUeH2pb4MlncxxMsWjcdpx8CEe:PoUF/3cw6AqelTDWpb4Ml8tpSBe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Unusual connection from system programs
      • rundll32.exe (PID: 3180)
    • NETSKY was detected
      • MM.exe (PID: 2412)
    • MYDOOM was detected
      • MM.exe (PID: 2412)
  • SUSPICIOUS
    • Reads the Internet Settings
      • rundll32.exe (PID: 3180)
    • Connects to SMTP port
      • MM.exe (PID: 2412)
  • INFO
    • Creates files or folders in the user directory
      • rundll32.exe (PID: 3180)
    • Checks supported languages
      • MM.exe (PID: 2412)
    • Checks proxy server information
      • rundll32.exe (PID: 3180)
    • Reads the computer name
      • MM.exe (PID: 2412)
    • Creates files in a temporary directory
      • MM.exe (PID: 2412)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:08 12:08:19+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 11
CodeSize: 48128
InitializedDataSize: 47104
UninitializedDataSize: -
EntryPoint: 0x6ab9
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start → MM.exe (#MYDOOM) → rundll32.exe

Process information

PID | CMD | Path | Indicators | Parent process
2412 | "C:\Users\admin\Desktop\MM.exe" | C:\Users\admin\Desktop\MM.exe | – | explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\users\admin\desktop\mm.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

3180 | C:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll,GameUXShim {29dfdaf6-2655-4d7d-9dae-112ce811cf33};C:\Users\admin\Desktop\MM.exe;2412 | C:\Windows\System32\rundll32.exe | – | MM.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
Total events: 965
Read events: 965
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 25
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmp6E10.tmp | compressed | CFBF5521874956746240F8778EE61401 | 234D4AF76F459ABBFE0BC0CDA9CBE6D2F78B1670DE454CCFE17A6A575F0800CB
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmpF1CC.tmp | compressed | E1A7947573DE4B03A00967CB65252B2E | 9E086DC7722A0ECECF8BFBD43D5CC399B91A75E660D0B819BE15B6EF81B0FE88
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmp595C.tmp | compressed | 352B23D593465D5C35341DA762A0C3FD | 382683697635161F3B06851C4DCE096E101AEC0DEA7E3757D9C6EE25D009BDF3
3180 | rundll32.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Steam Dark Messiah Might and Magic Single Player™.lnk | binary | 7C097A2D05CEF22D24FA144475A6DF54 | E85CD9018613616D302A0B04B6B217809E6C33177E4052C68934386EB029CEC5
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmp74EA.tmp | compressed | CE285606660D2E1796726924BBD40532 | AD1DDD7CBB8CAB932A1214F1BAEED3138ACA559C496C0BFBD463BF4D74B75D73
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmpB426.tmp | compressed | 41AC6D232D66DD4AADEFD0E7F0ED914E | 028CA37B42C09ECF4F29C589A4AB7624DE0B2DF9580E17FE415DA80F5A7F889C
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmp71CC.tmp | compressed | CECA2194B0DF9CF6D6BE5E88894F44BA | 6A2661630295A391B984040732CC3EC2F7851DF99F8ACD649A4E0CA01AD53C0A
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmp22F0.tmp | compressed | 903D267C5C3CB8B7CFA09B60B1CD52BB | 9F94732223D7D1FBE2B7A28F6C067E75B264CD866E4B97F0B88E1AB8D0A7F189
3180 | rundll32.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\GameExplorer\{7EE4EA94-5706-4653-A61B-E10100FB5732}\PlayTasks\0\Play.lnk | binary | 0A13FB02E24B17842861D210B8CEEF12 | D0E99FB0D4C3E29BE543EF2E87A47D7E2448B941F1BB1E969F8F5271B010D037
2412 | MM.exe | C:\Users\admin\AppData\Local\Temp\tmp6C2A.tmp | compressed | 5AE756C51B95C5235C2DF2D0DD03069D | 3741C0F1A6071C9953AEFE29717BAFA1F4FEFEAB4D74BAA70D60CAB0074A736E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 156
DNS requests: 168
Threats: 28

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3180 | rundll32.exe | GET | 302 | 23.32.186.57:80 | http://go.microsoft.com/fwlink?linkid=30219&locale=en-US&clientType=VISTA_GAMES&clientVersion=6.1.2 | unknown | – | – | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | – | – | – | whitelisted
3180 | rundll32.exe | 23.32.186.57:80 | go.microsoft.com | AKAMAI-AS | BR | unknown
3180 | rundll32.exe | 65.55.5.170:80 | movie.metaservices.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2656 | svchost.exe | 239.255.255.250:1900 | – | – | – | whitelisted
4 | System | 192.168.100.255:138 | – | – | – | whitelisted
2412 | MM.exe | 104.47.73.10:25 | adobe.mail.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2412 | MM.exe | 104.47.73.138:25 | adobe.mail.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2412 | MM.exe | 2.19.126.94:25 | adobe.com | Akamai International B.V. | DE | unknown
2412 | MM.exe | 192.150.14.154:25 | mail.adobe.com | ADOBE-NET | US | unknown
2412 | MM.exe | 17.179.253.242:25 | mx-in-rno.apple.com | APPLE-ENGINEERING | US | unknown

DNS requests

Domain | IP | Reputation
go.microsoft.com | 23.32.186.57 | whitelisted
movie.metaservices.microsoft.com | 65.55.5.170 | whitelisted
adobe.com | 2.19.126.94, 2.19.126.72 | whitelisted
adobe.mail.protection.outlook.com | 104.47.73.10, 104.47.73.138 | unknown
adobe-com.mail.protection.outlook.com | 104.47.73.138, 104.47.73.10 | unknown
dns.msftncsi.com | 131.107.255.255 | shared
mx.adobe.com | – | unknown
mail.adobe.com | 192.150.14.154 | unknown
apple.com | 17.253.144.10 | whitelisted
mx-in-rno.apple.com | 17.179.253.242 | unknown

Threats

PID | Process | Class | Message
2412 | MM.exe | Generic Protocol Command Decode | SURICATA SMTP invalid reply
2412 | MM.exe | Generic Protocol Command Decode | SURICATA SMTP invalid reply
2412 | MM.exe | Generic Protocol Command Decode | SURICATA SMTP invalid reply
25 ETPRO signatures available at the full report
Process | Message
MM.exe | C:\MSOCache\All Users\{90140000-0015-0407-0000-0000000FF1CE}-C\AccessMUI.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0407-0000-0000000FF1CE}-C\Setup.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-040C-0000-0000000FF1CE}-C\Setup.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-040C-0000-0000000FF1CE}-C\AccessMUI.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0410-0000-0000000FF1CE}-C\AccessMUI.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0410-0000-0000000FF1CE}-C\Setup.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0411-0000-0000000FF1CE}-C\AccessMUI.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0411-0000-0000000FF1CE}-C\Setup.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0412-0000-0000000FF1CE}-C\Setup.xml
MM.exe | C:\MSOCache\All Users\{90140000-0015-0412-0000-0000000FF1CE}-C\AccessMUI.xml