Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    202s
  • max time network
    260s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2023 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7.exe

  • Size

    2.3MB

  • MD5

    aa486e83365ae67a5778758685ca4d6f

  • SHA1

    633e328f5deb9c09e99368fa25f6deca4a601bbb

  • SHA256

    c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7

  • SHA512

    e16ef48515eccea7dcb27521027785e9a42ec9d8c76af86f598be363998453f3a71e976bb9ac38caf0751286c41f443cd3a3fad0507f4eedd1d7affeb4734dfd

  • SSDEEP

    24576:hH1FcclmgReLIGaIhJxSJ2lKZZAsKQ7F1RBdaBZZR0DBfg92KVOikDlbnJ6dT17x:DlbKxF8qg11A1o6Xqm

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

45.9.74.182/b7djSDcPcZ/index.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7.exe
    "C:\Users\Admin\AppData\Local\Temp\c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
      2⤵
        PID:2984

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\Videos\burembajotfvn.exe
      Filesize

      2.3MB

      MD5

      aa486e83365ae67a5778758685ca4d6f

      SHA1

      633e328f5deb9c09e99368fa25f6deca4a601bbb

      SHA256

      c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7

      SHA512

      e16ef48515eccea7dcb27521027785e9a42ec9d8c76af86f598be363998453f3a71e976bb9ac38caf0751286c41f443cd3a3fad0507f4eedd1d7affeb4734dfd

      Download Submit

    • memory/2984-84-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-97-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-96-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-95-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-93-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-91-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-90-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-89-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-87-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-88-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2984-86-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/3024-65-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-54-0x0000000074580000-0x0000000074C6E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3024-77-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-79-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-81-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-82-0x0000000004C60000-0x0000000004CA0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3024-83-0x0000000000A30000-0x0000000000A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3024-73-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-71-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-69-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-67-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-75-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-63-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-61-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-59-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-58-0x0000000000520000-0x0000000000535000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3024-57-0x0000000000520000-0x000000000053C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/3024-56-0x0000000074580000-0x0000000074C6E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3024-98-0x0000000004C60000-0x0000000004CA0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3024-55-0x0000000000AA0000-0x0000000000CE8000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/3024-104-0x0000000074580000-0x0000000074C6E000-memory.dmp

      Filesize

      6.9MB

      Download