flawedammyy | be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65

Analysis

max time kernel
2s
max time network
16s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe
Size

825KB
MD5

b4ac3a610662ffcc285a098ab43f6970
SHA1

1d0a2b0924de9d9afed132d5e8b6214dc1dfc9e5
SHA256

be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65
SHA512

6cc4f2845dc9770b7caff501d568e43936ff3cce0e2ccb0010c15c3ca179a2ff9a80eca4abe2f3c7ddb4f8f2574fa567bb1dc4bfb8c9be5701e2d555d9b7d65f
SSDEEP

24576:PkK+waI8JRQMEJ2rufRtse9r0v8MlBiIwuD0w6RAfEy:c4aSlx8lBi7E0lSfEy

Score

10^/10

flawedammyy trojan

Malware Config

Signatures

FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
trojan flawedammyy

C:\Users\Admin\AppData\Local\Temp\be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe
"C:\Users\Admin\AppData\Local\Temp\be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe"
1⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe
"C:\Users\Admin\AppData\Local\Temp\be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe" -service -lunch
1⤵
PID:904
- C:\Users\Admin\AppData\Local\Temp\be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe
  "C:\Users\Admin\AppData\Local\Temp\be7da4a4eb534744bba008b2ff12f4f72b09432d1c1a27d2a1dc76fc0737bd65.exe"
  2⤵
  PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AMMYY\settings.bin

Filesize
76B

MD5
090bba5cbe9cd62189310f633f14d686

SHA1
0ce1d78aace04650b0c592665686a89412c1771c

SHA256
7bc48188bbd0ad1b7ac10257e6a8fc5327f2ccfd56402a4353f6d8ef26eb0ff8

SHA512
846781bdb4d8902963f1859077c8db4c763fdd4ca28f0be83b95c20d324b5db030f312fc3d4f959dc05ca4f41ef872a49d123195494b16440e16ebcc5edb31a7

Download Submit
\Users\Admin\AppData\Local\Temp\sck1BBC.tmp

Filesize
17KB

MD5
4f17d492eeeed2bb154a6ed89fb71d05

SHA1
9e769b7836ab093d0ac1d60095f794808d58a6f7

SHA256
f8745e558b6f882adef4e83cd5069dc28ee31a474916081d59ec911ff70a15e3

SHA512
78598cdf9fdb38dcd6cf363e85e5cbcdf12375a624e57c0a5d9fb717977659a11109d8207516ae0e1dbab5dfaeb84d200e726b3ae8f204d648ecdddb119ed643

Download Submit
\Windows\Temp\cdk1F16.tmp

Filesize
5KB

MD5
a89f264fe6eac7ac8c96e1fe24945776

SHA1
e61f1df690e19180806350216b9f286e6efb9636

SHA256
959192ee66d3bf783610985d5f3950b65b07975f30bbacd1558877b25ba1d05e

SHA512
1a4f3b85f6934525dfd88e4f28522dba965f6998b8b26f78f74c2c6b01d7ec1729f4a03f229ec1e190f272d8513880ec0c4e5024ec5b058b1e4ddd693d20837a

Download Submit
\Windows\Temp\pdk1E99.tmp

Filesize
20KB

MD5
78731dd3a836075520cb8e78bd913a26

SHA1
bba392d1361f0c093cf6b017951013a670636797

SHA256
d658ed7e8f51414f2c64009ced65894044258ea3527c2891ba926c8c5b7b24a5

SHA512
cf272450c468ff51912d30823c9d7ce1f97da9615dbc05a56102f25c349040c1ed404c512e49c81c1d2339223d23ebb08ab17b36e55f396ac6e41e5c9b583124

Download Submit
memory/872-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/872-57-0x0000000001E40000-0x0000000001EB3000-memory.dmp

Filesize
460KB

Download
memory/872-67-0x0000000001E40000-0x0000000001EB3000-memory.dmp

Filesize
460KB

Download
memory/904-63-0x00000000006B0000-0x0000000000723000-memory.dmp

Filesize
460KB

Download
memory/904-62-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads