Analysis
-
max time kernel
142s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31-10-2023 13:59
General
-
Target
cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe
-
Size
772KB
-
MD5
8c63956cfb2265c8e59b68dd5b2d06f8
-
SHA1
7424d7489a1b112f3fbd1e8342517a02aa219fea
-
SHA256
cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a
-
SHA512
66d48a9e2b3f3441879567b1fbbbd48782a8bb269b223db0f14e59afea9feebfb376baa6c52447681af677d9cd2866a8805885e0bce327d0a97d760d15754f5f
-
SSDEEP
12288:3SX+EvrCA3FNIs34Zk1L1ZSNlm3Spsal6lbRtMuStGKcsCSqcl90VaHg+x:gFNN4Zk1LTclm3e1kbRtyGKcpHcl5A+x
Malware Config
Signatures
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe"C:\Users\Admin\AppData\Local\Temp\cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe"C:\Users\Admin\AppData\Local\Temp\cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe" -service -lunch1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe"C:\Users\Admin\AppData\Local\Temp\cf00c34acedfc3cccbf909e6b68e826b1cfa9b9850781d9a421fac371588c42a.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
318B
MD545b9d2549c32d3a2aa42514ede2dd8dd
SHA16d1611cf4e44a11800d5cc9a8bab7597783a7ce6
SHA256b0efd10625be27ef4fdf600eb6b6310b704404103baa06e497b4172215bb7b7d
SHA5125ad7079f0449469356613f72a03be400204c4776c7a701feb1ae2276516ebfb0ed42aa11915ed3e23841408aab783eae8cb81fd5d7ae526a7c07314b9a9cd64e