Analysis
- max time kernel: 350s
- max time network: 380s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-11-2022 17:33
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
12 signatures
150 seconds
General
- Target: file.exe
- Size: 207KB
- MD5: b8163409efad572bc7627feafd46452d
- SHA1: 882f5b58827cc7cb4faef3eb590728cd9764829d
- SHA256: cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
- SHA512: 774c0797a5f5e0c18cb38ecf8a26ba17c2a0ee0a93de7f56a4ea37f65a31cb09a999e5138dcebaaca74e029df848feefeff8b7f12d863cb2245c858ce299ed93
- SSDEEP: 3072:l5r5+ytc5m5Xqu8oSvXXomdtT7Voia060vQhS+ac1oivqxtExB:b57cOovXXoUtSi9ES+aceiyxG
Malware Config
Extracted
- Family: amadey
- Version: 3.50
- C2: 31.41.244.17/hfk3vK9/index.php
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1804-132-0x0000000000C19000-0x0000000000C38000-memory.dmp (Filesize: 124KB)
- memory/1804-133-0x00000000026E0000-0x000000000271E000-memory.dmp (Filesize: 248KB)
- memory/1804-134-0x0000000000C19000-0x0000000000C38000-memory.dmp (Filesize: 124KB)
- memory/1804-135-0x0000000000400000-0x0000000000AE6000-memory.dmp (Filesize: 6.9MB)