Analysis
-
max time kernel
380s -
max time network
429s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
26-11-2022 14:36
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
windows7-x64
12 signatures
150 seconds
General
-
Target
file.exe
-
Size
207KB
-
MD5
3aac99a54cfdd924ec513a839b25e03b
-
SHA1
0ba641dc2a9feb7d686a8750d33402ef77402918
-
SHA256
46b06cf3946145ad58081131067df324905b03271e8e1a2d215a9eca6feb8e3b
-
SHA512
27ee9716d48542b602ccbcc4fc7896340621bad3acd252e952744b0460e461f5d13721dc0628541cfca7ca926590b139798cd452f3dded22e2454eb015f7148a
-
SSDEEP
3072:ixjTCc9AiGJlcn5q1Wf1PMaWFYRri6CEDBDY6wTwgdxfcXOWq3APnLRPHc:kTCqAiQlrWf1kXGNBckgHBTQjRP
Malware Config
Extracted
Family
amadey
Version
3.50
C2
31.41.244.17/hfk3vK9/index.php
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
-
memory/400-132-0x0000000000B8D000-0x0000000000BAC000-memory.dmp
Filesize
124KB
-
memory/400-133-0x00000000001C0000-0x00000000001FE000-memory.dmp
Filesize
248KB
-
memory/400-134-0x0000000000400000-0x0000000000AE6000-memory.dmp
Filesize
6.9MB
-
memory/400-135-0x0000000000B8D000-0x0000000000BAC000-memory.dmp
Filesize
124KB