Overview

overview

10

Static

static

10

Amadey.exe

windows7-x64

4

Amadey.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    80s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-02-2024 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Amadey.exe

  • Size

    423KB

  • MD5

    1522b7c5e497da6783a21098b16fa9fd

  • SHA1

    710640977a3444a6c80ccd3ccdcb846586356328

  • SHA256

    3bb45ee150f445209bc66044d461a5bfd4c1ff424bc9eaf016eb2dac6fd6c1b8

  • SHA512

    25d17615000a928dc11e24377f373a2d2bf406c4b0cfde19d42cc54c0605e5f31dd52b55c32dc0c32374795b101aff4fa4d30a75d8a6671ddb6b8a988141a1ce

  • SSDEEP

    12288:amsJS4JF4LAIc+YGrlsh8I0wi/ajmCau5O9MB6:mS4JF4LAIc+YOliHiu6M

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Amadey.exe
    "C:\Users\Admin\AppData\Local\Temp\Amadey.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    PID:2568
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SkipJoin.au"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2636
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SkipJoin.au"
    1⤵
      PID:2288

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\vlc\vlcrc
      Filesize

      93KB

      MD5

      478a4a09f4f74e97335cd4d5e9da7ab5

      SHA1

      3c4f1dc52a293f079095d0b0370428ec8e8f9315

      SHA256

      884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

      SHA512

      e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

      Download Submit

    • memory/2288-22-0x000007FEF7130000-0x000007FEF7147000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2288-11-0x000000013F890000-0x000000013F988000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2288-12-0x000007FEF6400000-0x000007FEF6434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2288-13-0x000007FEF5610000-0x000007FEF58C4000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2288-20-0x000007FEFAF30000-0x000007FEFAF48000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2288-24-0x000007FEF6490000-0x000007FEF64A1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2568-1-0x0000000000360000-0x0000000000361000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2636-47-0x000007FEF3E40000-0x000007FEF3E57000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2636-42-0x000007FEF3F40000-0x000007FEF3FAF000-memory.dmp

      Filesize

      444KB

      Download

    • memory/2636-21-0x000007FEF7130000-0x000007FEF7147000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2636-9-0x000007FEF5610000-0x000007FEF58C4000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2636-23-0x000007FEF6490000-0x000007FEF64A1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-8-0x000007FEF6400000-0x000007FEF6434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2636-26-0x000007FEF5DD0000-0x000007FEF5DE1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-25-0x000007FEF63A0000-0x000007FEF63B7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2636-28-0x000007FEF5450000-0x000007FEF5461000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-27-0x000007FEF5470000-0x000007FEF548D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2636-29-0x000007FEF5250000-0x000007FEF5450000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2636-30-0x000007FEF41A0000-0x000007FEF524B000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/2636-31-0x000007FEF4160000-0x000007FEF419F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2636-32-0x000007FEF4130000-0x000007FEF4151000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2636-34-0x000007FEF40F0000-0x000007FEF4101000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-35-0x000007FEF40D0000-0x000007FEF40E1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-33-0x000007FEF4110000-0x000007FEF4128000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2636-36-0x000007FEF40B0000-0x000007FEF40C1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-38-0x000007FEF4070000-0x000007FEF4081000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-37-0x000007FEF4090000-0x000007FEF40AB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2636-40-0x000007FEF4020000-0x000007FEF4050000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2636-39-0x000007FEF4050000-0x000007FEF4068000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2636-41-0x000007FEF3FB0000-0x000007FEF4017000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2636-43-0x000007FEF3F20000-0x000007FEF3F31000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-5-0x000000013F890000-0x000000013F988000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2636-46-0x000007FEF3E60000-0x000007FEF3E84000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2636-48-0x000007FEF3E10000-0x000007FEF3E33000-memory.dmp

      Filesize

      140KB

      Download

    • memory/2636-45-0x000007FEF3E90000-0x000007FEF3EB8000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2636-44-0x000007FEF3EC0000-0x000007FEF3F16000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2636-19-0x000007FEFAF30000-0x000007FEFAF48000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2636-53-0x000007FEF3D60000-0x000007FEF3D72000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2636-52-0x000007FEF3D80000-0x000007FEF3D93000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2636-54-0x000007FEF3C20000-0x000007FEF3D5B000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2636-55-0x000007FEF3BF0000-0x000007FEF3C1C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/2636-51-0x000007FEF3DA0000-0x000007FEF3DC1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2636-50-0x000007FEF3DD0000-0x000007FEF3DE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2636-59-0x000007FEF3910000-0x000007FEF39A7000-memory.dmp

      Filesize

      604KB

      Download

    • memory/2636-60-0x000007FEF38F0000-0x000007FEF3902000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2636-58-0x000007FEF39B0000-0x000007FEF39C1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-57-0x000007FEF39D0000-0x000007FEF3A2C000-memory.dmp

      Filesize

      368KB

      Download

    • memory/2636-56-0x000007FEF3A30000-0x000007FEF3BE2000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2636-61-0x000007FEF36B0000-0x000007FEF38E1000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2636-62-0x000007FEF3590000-0x000007FEF36A2000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2636-69-0x000007FEF3430000-0x000007FEF3443000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2636-70-0x000007FEF3390000-0x000007FEF342F000-memory.dmp

      Filesize

      636KB

      Download

    • memory/2636-71-0x000007FEF3370000-0x000007FEF3381000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-72-0x000007FEF3260000-0x000007FEF3362000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2636-74-0x000007FEF3220000-0x000007FEF3231000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-76-0x000007FEF31E0000-0x000007FEF31F2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2636-75-0x000007FEF3200000-0x000007FEF3211000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-73-0x000007FEF3240000-0x000007FEF3251000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-68-0x000007FEF3450000-0x000007FEF3462000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2636-67-0x000007FEF3470000-0x000007FEF3481000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-66-0x000007FEF3490000-0x000007FEF34F1000-memory.dmp

      Filesize

      388KB

      Download

    • memory/2636-65-0x000007FEF3500000-0x000007FEF3511000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2636-64-0x000007FEF3520000-0x000007FEF3545000-memory.dmp

      Filesize

      148KB

      Download

    • memory/2636-63-0x000007FEF3550000-0x000007FEF3585000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2636-49-0x000007FEF3DF0000-0x000007FEF3E01000-memory.dmp

      Filesize

      68KB

      Download