Overview

overview

10

Static

static

10

e2368a816d...mp.exe

windows7-x64

10

e2368a816d...mp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 22:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e2368a816d8abee913dffad7dc4516146154705d8cdf36d4335d533a02070d3a_dump.exe

  • Size

    422KB

  • MD5

    9d4a02c07badf0c7de81bc010f5857be

  • SHA1

    d5a6ee5af482315c722e2baf38cb7a48e256e0c1

  • SHA256

    a7c8566bc2744a0d4bfdd643097d7dcca745a8eded3d3d0199f78b25e9aebfd8

  • SHA512

    ddfc825bfa1bdea83c8b2b74a95b285a817862d513edbdf655a712b616c1194e3524f3f5b819343091162cf247064cac847dad861c388f9df3f45418d1b99924

  • SSDEEP

    6144:T1hP9dWA4d2TXUPD94AfiUoMtda7Q0DeaO50fkrX6CKdCIBfi9BvLauZeQn4TF5G:T9oSUvfiR7CokrK1dC2UBjauZeQMa

Score
10/10
amadeytrojan

Malware Config

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2368a816d8abee913dffad7dc4516146154705d8cdf36d4335d533a02070d3a_dump.exe
    "C:\Users\Admin\AppData\Local\Temp\e2368a816d8abee913dffad7dc4516146154705d8cdf36d4335d533a02070d3a_dump.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe
      "C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe"
      2⤵
      • Executes dropped EXE
      PID:3008

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\627615824406
          Filesize

          67KB

          MD5

          0ed6ba4601afa0965e611b6bfd358a25

          SHA1

          3666ca3989a6451c7fc1934b38470f8e46679f5b

          SHA256

          aef59a43b76ef8096c3d4a5ea8219ec62ddc1acb8bb565b654caa28683e4dd22

          SHA512

          26e340890e3f81c8c1b3c654ec6fab5c068e0ddc384bbbfaa362ea773fc87a8e60e4e030228ff054575f2e7ab1ffa51b9cc5329b543d7e938cb6b01d94c85238

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe
          Filesize

          422KB

          MD5

          9d4a02c07badf0c7de81bc010f5857be

          SHA1

          d5a6ee5af482315c722e2baf38cb7a48e256e0c1

          SHA256

          a7c8566bc2744a0d4bfdd643097d7dcca745a8eded3d3d0199f78b25e9aebfd8

          SHA512

          ddfc825bfa1bdea83c8b2b74a95b285a817862d513edbdf655a712b616c1194e3524f3f5b819343091162cf247064cac847dad861c388f9df3f45418d1b99924

          Download Submit

        • memory/2880-1-0x0000000000380000-0x0000000000381000-memory.dmp

          Filesize

          4KB

          Download