Overview

overview

10

Static

static

10

5b003e112a...2f.exe

windows7_x64

10

5b003e112a...2f.exe

windows10_x64

10

Analysis

  • max time kernel
    139s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    07-09-2021 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b003e112ab22c2689cdf5379d7fc64da81f9fa7b0945632c9f489ca1a39192f.exe

  • Size

    1002KB

  • MD5

    93661162a502c88690f9f39c15dcfcce

  • SHA1

    757ecaf8610a7b7c45694ce4db2ec9b3ea1f7f94

  • SHA256

    5b003e112ab22c2689cdf5379d7fc64da81f9fa7b0945632c9f489ca1a39192f

  • SHA512

    e22c1de5eeef3eed65500316d6001613fad758098316ea683235e4637bd0e95e851e2e3ab0afcaa24a4b6adcf089989e0201b7b0ca63051ccb56a0a4b4efbba2

Score
10/10
ammyyadminrat

Malware Config

Signatures

  • Ammyy Admin

    Remote admin tool with various capabilities.

    ratammyyadmin
  • AmmyyAdmin Payload 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b003e112ab22c2689cdf5379d7fc64da81f9fa7b0945632c9f489ca1a39192f.exe
    "C:\Users\Admin\AppData\Local\Temp\5b003e112ab22c2689cdf5379d7fc64da81f9fa7b0945632c9f489ca1a39192f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:632
    • C:\Users\Admin\AppData\Local\Temp\budha.exe
      "C:\Users\Admin\AppData\Local\Temp\budha.exe"
      2⤵
      • Executes dropped EXE
      PID:2604

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/632-115-0x0000000002630000-0x0000000002A30000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/632-114-0x0000000002140000-0x0000000002141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-119-0x00000000021C0000-0x00000000021C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-120-0x0000000002510000-0x0000000002910000-memory.dmp

    Filesize

    4.0MB

    Download