Overview

overview

10

Static

static

10

ef28dab48f...7f.exe

windows7-x64

10

ef28dab48f...7f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe

  • Size

    222KB

  • MD5

    c33142578391a12cdaa3502631ccf6a8

  • SHA1

    d7b44dc27084ad0daf9e3af7bc18432a7e176df7

  • SHA256

    c61b7829b37f19fe78ee49c1aba9e0ea70a65eddfd40b137a7489e63c0f1e184

  • SHA512

    5cb517283da53707696692dd212b49dc79bcc5f579846713090091aee966497273d82fbd6a51d95d8b6769c68f91fe88f9cad48671c2703487d45b885d64dd95

  • SSDEEP

    6144:WzJK+H1xRDriEhJIvD7cMs3LssdLW1uyssJ:WzxfdJIvvvsLTdLW1uys

Score
10/10
amadeytrojan

Malware Config

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe
    "C:\Users\Admin\AppData\Local\Temp\ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe"
    1⤵
      PID:3284
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 448
        2⤵
        • Program crash
        PID:2916
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 3284 -ip 3284
      1⤵
        PID:4232

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3284-0-0x00000000004F0000-0x000000000052D000-memory.dmp

        Filesize

        244KB

        Download