Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    16/05/2024, 01:48

General

  • Target

    d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719.exe

  • Size

    370KB

  • MD5

    1f68fe6fc999460d808a243a15232611

  • SHA1

    2c5b12ad940e1772b001d85b77c5b86f84b9eb03

  • SHA256

    d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719

  • SHA512

    e5faf7c55297860b5304699e304b5ebe8527f73bf2b7f71d30111712df6eec50e9f38b2930f87c14c762b2143d74ff7ce71953ce261c93a6857193389f8c278f

  • SSDEEP

    6144:4iHP5o9P45e/kejyjel3IUIBaouNfiAtC+Qgm7f1vOFqx:4aP5yZDjQgIUIBaoQfieQg61mFqx

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

667bac

C2

http://94.156.68.141

Attributes
  • install_dir

    716b9e4c6b

  • install_file

    Dctooux.exe

  • strings_key

    8e31b2add27c52b4aedc47b90f997046

  • url_paths

    /h9fmdW5/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719.exe
    "C:\Users\Admin\AppData\Local\Temp\d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe
      "C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe"
      2⤵
      • Executes dropped EXE
      PID:2052
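
The extracted config and the process tree together give a defender everything needed to block and hunt for this sample: the C2 host plus url_path form the check-in URL, install_dir and install_file predict the persistence copy under %TEMP%, and the "Downloads" hashes confirm that Dctooux.exe is a byte-identical copy of the submitted file (same SHA256), which is what PID 2052 was launched from. The script below is an added example and not tria.ge output; every literal is copied from the report above, and the helper and class names are this example's own.

```python
"""Derive indicators from the extracted Amadey config and check the observed
process tree against it. Added example, not tria.ge output; every literal
below is copied from the report, and the function/class names are this
example's own."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AmadeyConfig:
    c2: tuple            # hosts from the "C2" field
    url_paths: tuple     # paths from the "url_paths" attribute
    install_dir: str     # directory created under %TEMP%
    install_file: str    # name of the copied executable


# Values from the "Malware Config" section.
CONFIG = AmadeyConfig(
    c2=("http://94.156.68.141",),
    url_paths=("/h9fmdW5/index.php",),
    install_dir="716b9e4c6b",
    install_file="Dctooux.exe",
)

# The submitted sample (from "General") and the files the sandbox captured
# (from "Downloads"); path -> SHA256.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719.exe"
SAMPLE_SHA256 = "d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719"
OBSERVED = {
    SAMPLE: SAMPLE_SHA256,
    r"C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe":
        "d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719",
    r"C:\Users\Admin\AppData\Local\Temp\298544033322":
        "f2261b7a5459b7cb8e1df9eeb12e802f310411d5c3d00548c354aeab8c2d1ffe",
}


def c2_urls(cfg):
    """Full check-in URLs: every C2 host joined with every url_path."""
    return [host.rstrip("/") + path for host in cfg.c2 for path in cfg.url_paths]


def install_path(cfg, temp_dir=r"C:\Users\Admin\AppData\Local\Temp"):
    """Where the config says the bot installs itself. The %TEMP% value is the
    sandbox user's, taken from the process tree above."""
    return "\\".join((temp_dir, cfg.install_dir, cfg.install_file))


def self_copies(observed, sample_path, sample_sha256):
    """Captured files other than the sample itself that are byte-identical to it."""
    return sorted(p for p, h in observed.items()
                  if p != sample_path and h.lower() == sample_sha256.lower())


def install_is_self_copy(cfg, observed, sample_path, sample_sha256):
    """True when the path predicted from the config was actually written and
    is a copy of the sample, i.e. the persistence copy the child process
    (PID 2052 above) was launched from."""
    return install_path(cfg) in self_copies(observed, sample_path, sample_sha256)


def indicators(cfg, observed, sample_path, sample_sha256):
    """Flat IOC list a defender can feed into blocklists or hunting queries."""
    iocs = [("url", u) for u in c2_urls(cfg)]
    iocs += [("ip", h.split("://", 1)[-1].split("/", 1)[0]) for h in cfg.c2]
    iocs.append(("path", install_path(cfg)))
    iocs += [("sha256", h) for h in sorted(set(observed.values()))]
    return iocs


if __name__ == "__main__":
    for kind, value in indicators(CONFIG, OBSERVED, SAMPLE, SAMPLE_SHA256):
        print(f"{kind:7} {value}")
    print("install path is a self-copy:",
          install_is_self_copy(CONFIG, OBSERVED, SAMPLE, SAMPLE_SHA256))
```

The path check uses the sandbox user's %TEMP%; on a real host substitute the local profile's temp directory, since install_dir is relative to it. The 43KB file `298544033322` is listed only by hash here because the report does not say what it is.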

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\298544033322

    Filesize

    43KB

    MD5

    46d58f731f40ab338eeda8a01a4371bf

    SHA1

    7268b5c4076026854538c554ddf3d6cbeb58d6fd

    SHA256

    f2261b7a5459b7cb8e1df9eeb12e802f310411d5c3d00548c354aeab8c2d1ffe

    SHA512

    8c179722365c0644915b23a47042b74cf29d3189d95bb8967af362f11da32fa30fe367407a51f4212a8fbc2e39d01ff3e89703630e674f079c35e72e5f88f3d2

  • C:\Users\Admin\AppData\Local\Temp\716b9e4c6b\Dctooux.exe

    Filesize

    370KB

    MD5

    1f68fe6fc999460d808a243a15232611

    SHA1

    2c5b12ad940e1772b001d85b77c5b86f84b9eb03

    SHA256

    d10fd57ed5550212a4bfbb65732c489479c49c888737d3dc818290189fc2e719

    SHA512

    e5faf7c55297860b5304699e304b5ebe8527f73bf2b7f71d30111712df6eec50e9f38b2930f87c14c762b2143d74ff7ce71953ce261c93a6857193389f8c278f

  • memory/2052-22-0x0000000000400000-0x00000000007B3000-memory.dmp

    Filesize

    3.7MB

  • memory/2052-28-0x0000000000400000-0x00000000007B3000-memory.dmp

    Filesize

    3.7MB

  • memory/2052-37-0x0000000000400000-0x00000000007B3000-memory.dmp

    Filesize

    3.7MB

  • memory/2128-1-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

  • memory/2128-2-0x0000000001EE0000-0x0000000001F4B000-memory.dmp

    Filesize

    428KB

  • memory/2128-3-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

  • memory/2128-7-0x0000000000400000-0x00000000007B3000-memory.dmp

    Filesize

    3.7MB

  • memory/2128-20-0x0000000000400000-0x00000000007B3000-memory.dmp

    Filesize

    3.7MB

  • memory/2128-19-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

  • memory/2128-18-0x0000000001EE0000-0x0000000001F4B000-memory.dmp

    Filesize

    428KB
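
The memory dump names above encode PID, a sequence number and the region's start and end address. In PID 2128 the same base, 0x400000, is dumped both as 448KB (0x400000-0x470000, roughly the 370KB file mapped as an image) and as 3.7MB (0x400000-0x7B3000); the child PID 2052 shows only the 3.7MB mapping. A fixed image base that appears at two sizes within one process is a common sign that the sample rewrote its own image region, which is where an analyst would look for the unpacked payload. The report itself states only the sizes; that interpretation is this added example's heuristic, not a tria.ge finding. The dump names are copied from the report, the parser and the check are this example's own.

```python
"""Spot in-memory expansion of the sample's image from the dump names tria.ge
listed under "Downloads". Added example, not tria.ge output; the dump names
are copied from the report, the parsing and the heuristic are this
example's own."""
import re
from collections import defaultdict

# tria.ge names region dumps memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

# Dump names from the report above.
DUMPS = [
    "memory/2052-22-0x0000000000400000-0x00000000007B3000-memory.dmp",
    "memory/2052-28-0x0000000000400000-0x00000000007B3000-memory.dmp",
    "memory/2052-37-0x0000000000400000-0x00000000007B3000-memory.dmp",
    "memory/2128-1-0x0000000000250000-0x0000000000350000-memory.dmp",
    "memory/2128-2-0x0000000001EE0000-0x0000000001F4B000-memory.dmp",
    "memory/2128-3-0x0000000000400000-0x0000000000470000-memory.dmp",
    "memory/2128-7-0x0000000000400000-0x00000000007B3000-memory.dmp",
    "memory/2128-20-0x0000000000400000-0x00000000007B3000-memory.dmp",
    "memory/2128-19-0x0000000000400000-0x0000000000470000-memory.dmp",
    "memory/2128-18-0x0000000001EE0000-0x0000000001F4B000-memory.dmp",
]


def parse_dump(name):
    """Return (pid, seq, start, end, size) or None for a non-matching name."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    pid, seq = int(m["pid"]), int(m["seq"])
    start, end = int(m["start"], 16), int(m["end"], 16)
    return pid, seq, start, end, end - start


def human_size(nbytes):
    """Render sizes the way the report's Filesize column does: whole KB up
    to 1024KB, otherwise MB with one decimal."""
    if nbytes <= 1024 * 1024:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def expanded_regions(names):
    """Bases dumped at more than one size within the same process.
    Keyed by (pid, base); value is (smallest, largest) size in bytes.
    A base that only ever has one size (e.g. 0x1EE0000 in PID 2128,
    dumped twice at 428KB) is not reported."""
    sizes = defaultdict(set)
    for name in names:
        parsed = parse_dump(name)
        if parsed:
            pid, _, start, _, size = parsed
            sizes[(pid, start)].add(size)
    return {k: (min(v), max(v)) for k, v in sizes.items() if len(v) > 1}


if __name__ == "__main__":
    for (pid, base), (small, large) in expanded_regions(DUMPS).items():
        print(f"PID {pid}: region at {base:#x} dumped as {human_size(small)} "
              f"and as {human_size(large)} ({large / small:.1f}x)")
```

Run against the list above it reports only PID 2128 at 0x400000, which is the pair of dumps an analyst would diff first: the 3.7MB one is the candidate for a rebuilt, unpacked PE, and the 448KB one is the packed image as loaded.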