flawedammyy | 5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa | Triage

Analysis

max time kernel
124s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-06-2023 11:57

Sharing

Report Analysis Logs

General

Target

sf.exe
Size

778KB
MD5

121e1634bf18768802427f0a13f039a9
SHA1

8868654ba10fb4c9a7bd882d1f947f4fd51e988e
SHA256

5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
SHA512

393df326af3109fe701b579b73f42f7a9b155bb4df6ea7049ad3ae9fdd03446576b887a99eb7a0d59949a7a63367e223253448b6f1a0ebeaf358fa2873dcc200
SSDEEP

12288:hSX+EvrCA3FNIs34Zk1L1ZSNlm3Spsal6lbRtMuStGKcsCSqcl90Va1ugp:2FNN4Zk1LTclm3e1kbRtyGKcpHcl517p

Score

10^/10

flawedammyy trojan

Malware Config

Signatures

FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
trojan flawedammyy

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

sf.exe

pid	Process
2024	sf.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

sf.exe

description	pid	Process	procid_target
PID 1992 wrote to memory of 2024	1992	sf.exe	28
PID 1992 wrote to memory of 2024	1992	sf.exe	28
PID 1992 wrote to memory of 2024	1992	sf.exe	28
PID 1992 wrote to memory of 2024	1992	sf.exe	28

C:\Users\Admin\AppData\Local\Temp\sf.exe
"C:\Users\Admin\AppData\Local\Temp\sf.exe"
1⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\sf.exe
"C:\Users\Admin\AppData\Local\Temp\sf.exe" -service -lunch
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\sf.exe
  "C:\Users\Admin\AppData\Local\Temp\sf.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AMMYY\settings3.bin

Filesize
282B

MD5
ac7221c691ef0a93dbbb5bee6efcb7ec

SHA1
54f197fef16badefb4bf0d7339f6bd1099e505da

SHA256
b6b033b71d3f7f92986e32a61b3244b9856e82a9c3d233696a0dfa29a517106f

SHA512
226299ab1b7b388473163f4fecc41d536755586b4c275475128c5e5946554cd9ca69df223469130d85516f2ac2330a2cb35dec2879355ea0186b63d8429dcd6b

Download Submit