fd4f33e951b0e5f4627e9d19e743d5dc63a4093507898e6af2b6fc976eef5b6c | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 05:57

Sharing

Report Analysis Logs

General

Target

amseed.exe
Size

4.2MB
MD5

bfe55cfc0d5079e85ac51e5ba983cfe3
SHA1

a1be9a1b9707ea8bb67a1fff1bcd6fe64ad373ef
SHA256

bba463e3786618a92ec93623c9e6ca03a2667fea3b35691141892dca713d7033
SHA512

72228655015337c4ca6a37fb5f0322ce91adfc8d711dd869cf2cd93ef0229ac48728a79fa913d81d0caedc383c8cf24a646772bd74760f4e55ced87ecc74011f
SSDEEP

98304:HYHbpnUjvJ7jrqiCCctBHXr0z22VdRBu0neQdmcCumUFjqYafR:HatMZcID4JJPfR

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\eeeppp828.sys	amseed.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3684	amseed.exe
3684	amseed.exe
3684	amseed.exe
3684	amseed.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3684	amseed.exe
3684	amseed.exe
3684	amseed.exe
3684	amseed.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3684	amseed.exe
3684	amseed.exe

C:\Users\Admin\AppData\Local\Temp\amseed.exe
"C:\Users\Admin\AppData\Local\Temp\amseed.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads