Overview

overview

10

Static

static

10

bb63f83723...6e.exe

windows7-x64

7

bb63f83723...6e.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

PBWS32.dll

windows7-x64

1

PBWS32.dll

windows10-2004-x64

3

baro.exe

windows7-x64

1

baro.exe

windows10-2004-x64

1

dll/FreeImage.dll

windows7-x64

3

dll/FreeImage.dll

windows10-2004-x64

3

dll/Interop.WIA.dll

windows7-x64

1

dll/Interop.WIA.dll

windows10-2004-x64

1

dll/Markup...er.dll

windows7-x64

1

dll/Markup...er.dll

windows10-2004-x64

1

dll/PdfSharp.dll

windows7-x64

1

dll/PdfSharp.dll

windows10-2004-x64

1

dll/RegAsm.exe

windows7-x64

1

dll/RegAsm.exe

windows10-2004-x64

1

dll/SDD_TW...ER.dll

windows7-x64

1

dll/SDD_TW...ER.dll

windows10-2004-x64

1

dll/Saraff.Twain.dll

windows7-x64

1

dll/Saraff.Twain.dll

windows10-2004-x64

1

dll/System...ng.dll

windows7-x64

1

dll/System...ng.dll

windows10-2004-x64

1

dll/UzakYardim.exe

windows7-x64

10

dll/UzakYardim.exe

windows10-2004-x64

10

dll/WinSCP.exe

windows7-x64

6

dll/WinSCP.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    187s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-03-2024 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dll/UzakYardim.exe

  • Size

    740KB

  • MD5

    10a524d7ac94678ae286b065421647db

  • SHA1

    b538e3f113817c8237419310ef47817d1d961fa9

  • SHA256

    55daa062650d42e0feabc5ae1c3e4a7f68d4f8a3c69be375a0abc7bf3e1efad4

  • SHA512

    928b0e712e604a5ba9580ff6ecadbdf77e2fda6847b11366ce929281ae8e5e3a633073ff07176989ddcb5f8387c6f7c061729af99b61a23a319ddeb7d63ace1b

  • SSDEEP

    12288:pUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjmgvPi:ZpJJWOwlaUPcWWwRZb4Rt+N5WMasHDy

Score
10/10
flawedammyytrojan

Malware Config

Signatures

  • FlawedAmmyy RAT

    Remote-access trojan based on leaked code for the Ammyy remote admin software.

    trojanflawedammyy
  • Drops file in System32 directory 4 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dll\UzakYardim.exe
    "C:\Users\Admin\AppData\Local\Temp\dll\UzakYardim.exe"
    1⤵
      PID:4668
    • C:\Users\Admin\AppData\Local\Temp\dll\UzakYardim.exe
      "C:\Users\Admin\AppData\Local\Temp\dll\UzakYardim.exe" -service -lunch
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3984
      • C:\Users\Admin\AppData\Local\Temp\dll\UzakYardim.exe
        "C:\Users\Admin\AppData\Local\Temp\dll\UzakYardim.exe"
        2⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:940

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\AMMYY\hr
      Filesize

      22B

      MD5

      a9d1d03bee202107fd1bbcd59a2ece65

      SHA1

      cf9f5c95c947f65fd4547f82591b7c03cded4a53

      SHA256

      581933970ed622b78b2031308d523e7b0ad4f512192ef77702d0d136ae6a591e

      SHA512

      24cd8eb9b2a0f0bcf28538b59d2beca857dd76faf24cdf70a5b2a15ac4f11a38c73491a95240448b6ab7a4e3f4c1172780f5aed8bfdd2a3b6e0017457746a817

      Download Submit

    • C:\ProgramData\AMMYY\hr3
      Filesize

      68B

      MD5

      2e75e398017b1026fba96887d1d3e110

      SHA1

      e529165a52c7422740491ebdd1b4f70a1b922a30

      SHA256

      42ed2ea3ec077eec455ad7f323bfb146519ee4a140c4ff24733e23fd4863e881

      SHA512

      9c1aefcc81816664bc9e762e3726b57e2833838d5957abfd0fe13abaee4983cf2082fc3479d7dfddfc3b97717654d85a7687bc7e4e14fde92133af35166a2d75

      Download Submit

    • C:\ProgramData\AMMYY\settings3.bin
      Filesize

      331B

      MD5

      c5b80443bc31f2f5c1d2e384c3b82961

      SHA1

      445a99fa06484d216276b9284eedf25483780216

      SHA256

      cc8225e7412000f34a92f118af842d585d575498f36fe772dedad9f88c1fe5ad

      SHA512

      eae9247b9a1abbf8822ce65dbfd2db9b59a57367c7885614b89b8608688753e0c71fc8c955eb1493ef4dd7ba952760ff3476e05d9c177fb40661765a9e408d97

      Download Submit