flawedammyy | 910b1f3d66ec00df75996d802ba50259bad231841692733762d72dd189ecd5d0 | Triage

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2022 12:51

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

770KB
MD5

9747e809848c689174039bb081cad0d4
SHA1

48dc36665491bf0ef1c49570114b9fde1edec853
SHA256

910b1f3d66ec00df75996d802ba50259bad231841692733762d72dd189ecd5d0
SHA512

6ba1b3a1ab44a5b0050f776360d6be7b6597f6e3a1865b6118b34ee91d37de21a8a5fdd5b9316b46f987a3ddf0d983d59d87e822722517dc621824b0724bba27
SSDEEP

24576:3DYRdLOnSok4fx2jEz5kMNbsRtrxc130jVP:URUnlHx2jEzxlkpjV

Score

10^/10

flawedammyy trojan

Malware Config

Signatures

FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
trojan flawedammyy

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

tmp.exe

description	pid	Process	procid_target
PID 5024 wrote to memory of 2168	5024	tmp.exe	82
PID 5024 wrote to memory of 2168	5024	tmp.exe	82
PID 5024 wrote to memory of 2168	5024	tmp.exe	82

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe" -service -lunch
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AMMYY\settings3.bin

Filesize
282B

MD5
ac7221c691ef0a93dbbb5bee6efcb7ec

SHA1
54f197fef16badefb4bf0d7339f6bd1099e505da

SHA256
b6b033b71d3f7f92986e32a61b3244b9856e82a9c3d233696a0dfa29a517106f

SHA512
226299ab1b7b388473163f4fecc41d536755586b4c275475128c5e5946554cd9ca69df223469130d85516f2ac2330a2cb35dec2879355ea0186b63d8429dcd6b

Download Submit
memory/2168-135-0x0000000000000000-mapping.dmp

Download