Analysis
-
max time kernel
163s -
max time network
177s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
31-12-2023 01:20
Behavioral task
behavioral1
Sample
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe
Resource
win10v2004-20231215-en
General
-
Target
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe
-
Size
782KB
-
MD5
390ddaff20160396e7490b239b4cad9b
-
SHA1
44c10c691fc2639b3436abe8dc25542ff5a73067
-
SHA256
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570
-
SHA512
fd9d519d5e0f3c7d5ac55d594ef23eff6b96e45efe582b8f2fb88c657d76dd4966de73faf4dcea02913940a46c2aa9a6cec8748bcdfb43530e0b3228f8eb833b
-
SSDEEP
12288:bWJDVSwZtyHFaMhY1SPEKH0OERt4PMsajW0pSEV3fugE:q7FZtoFaiY1SsKpERtMMRy0ptf7E
Malware Config
Signatures
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exedescription pid process target process PID 2768 wrote to memory of 2300 2768 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe PID 2768 wrote to memory of 2300 2768 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe PID 2768 wrote to memory of 2300 2768 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe 357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe"C:\Users\Admin\AppData\Local\Temp\357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe"1⤵PID:1436
-
C:\Users\Admin\AppData\Local\Temp\357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe"C:\Users\Admin\AppData\Local\Temp\357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe" -service -lunch1⤵
- Suspicious use of WriteProcessMemory
PID:2768 -
C:\Users\Admin\AppData\Local\Temp\357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe"C:\Users\Admin\AppData\Local\Temp\357230056c30b4d7a7d697114d3d90ddc9a13dcb174a9a6d1f74c950e5bcd570.exe"2⤵PID:2300
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
282B
MD5ac7221c691ef0a93dbbb5bee6efcb7ec
SHA154f197fef16badefb4bf0d7339f6bd1099e505da
SHA256b6b033b71d3f7f92986e32a61b3244b9856e82a9c3d233696a0dfa29a517106f
SHA512226299ab1b7b388473163f4fecc41d536755586b4c275475128c5e5946554cd9ca69df223469130d85516f2ac2330a2cb35dec2879355ea0186b63d8429dcd6b