Overview

overview

8

Static

static

5

AMTEmu-202...er.exe

windows7-x64

7

AMTEmu-202...er.exe

windows10-2004-x64

8

Resubmissions

Analysis

  • max time kernel
    67s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AMTEmu-2024-Universal-Patcher.exe

  • Size

    1.5MB

  • MD5

    3f9f6614d1502d1442774b96a79df79a

  • SHA1

    3c2fc76d135caa2ba3ac24681dda3cb6ac0dde61

  • SHA256

    5761e0a37a846b17d677454c4142a1c3ec9625dd5222085e71fe652b446baaba

  • SHA512

    6c8676875e57b5686adb92d1c0c267f371b75b1176cfcf5754db2aeaefa9ed762af19b7dd509bdebede03f939d848320810ace1ede4f2b0f7350a74d28908bff

  • SSDEEP

    24576:nrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tva6teZ4Co5qL5xRp/HhPRDH:n2EYTb8atv1orq+pEiSDTj1VyvBacCG6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AMTEmu-2024-Universal-Patcher.exe
    "C:\Users\Admin\AppData\Local\Temp\AMTEmu-2024-Universal-Patcher.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\Temp\RunAsTI.exe
      C:\Windows\Temp\RunAsTI.exe "C:\Users\Admin\AppData\Local\Temp\AMTEmu-2024-Universal-Patcher.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2224
      • C:\Windows\Temp\RunAsTI.exe
        /t /t C:\Users\Admin\AppData\Local\Temp\AMTEmu-2024-Universal-Patcher.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2668
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\Temp\RunAsTI.exe
    Filesize

    26KB

    MD5

    80454e70784f1ddb0c91d41469e2498d

    SHA1

    2f3f04ef670895de12cdfbae17c9d427e7caa97a

    SHA256

    a3e0ba70ba908de8a75825c3a1ff36147e02c686280993c2caa8a9a6968764b0

    SHA512

    709ed0fc9e2520a5beb57379e90be12cac680060b4c72ff50e9d9897f3a4d7a57f84b9be04b78974e6f6b73cda7202bfc617835cee3011eed7f0ee6f5e82edf7

    Download Submit

  • memory/2720-20-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2720-21-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download