Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    192s
  • max time network
    259s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-08-2023 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7.exe

  • Size

    2.3MB

  • MD5

    aa486e83365ae67a5778758685ca4d6f

  • SHA1

    633e328f5deb9c09e99368fa25f6deca4a601bbb

  • SHA256

    c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7

  • SHA512

    e16ef48515eccea7dcb27521027785e9a42ec9d8c76af86f598be363998453f3a71e976bb9ac38caf0751286c41f443cd3a3fad0507f4eedd1d7affeb4734dfd

  • SSDEEP

    24576:hH1FcclmgReLIGaIhJxSJ2lKZZAsKQ7F1RBdaBZZR0DBfg92KVOikDlbnJ6dT17x:DlbKxF8qg11A1o6Xqm

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

45.9.74.182/b7djSDcPcZ/index.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Drops startup file 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7.exe
    "C:\Users\Admin\AppData\Local\Temp\c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5056
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
      2⤵
        PID:656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/656-151-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/656-155-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/656-154-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/656-153-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/656-152-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/5056-138-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-146-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-128-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-130-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-132-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-134-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-136-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-120-0x00000000009A0000-0x0000000000BE8000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/5056-140-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-142-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-144-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-126-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-148-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-149-0x00000000053C0000-0x00000000053D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5056-150-0x00000000053A0000-0x00000000053A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/5056-125-0x0000000005340000-0x0000000005355000-memory.dmp

      Filesize

      84KB

      Download

    • memory/5056-124-0x0000000005340000-0x000000000535C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/5056-123-0x0000000073150000-0x000000007383E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/5056-122-0x00000000053D0000-0x000000000546C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/5056-121-0x0000000073150000-0x000000007383E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/5056-156-0x00000000053C0000-0x00000000053D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5056-162-0x0000000073150000-0x000000007383E000-memory.dmp

      Filesize

      6.9MB

      Download