dda2fc9aaa31d33930a83cd544ddd393a9f948da4cce8f56c0b178a9c3c2aa66

Submit
Reports

Overview

overview

Static

static

amtoolbox-...art.js

windows7-x64

amtoolbox-...art.js

windows10-2004-x64

amtoolbox-...he.vbs

windows7-x64

amtoolbox-...he.vbs

windows10-2004-x64

amtoolbox-...exp.js

windows7-x64

amtoolbox-...exp.js

windows10-2004-x64

amtoolbox-...ad.vbs

windows7-x64

amtoolbox-...ad.vbs

windows10-2004-x64

amtoolbox-...01.vbs

windows7-x64

amtoolbox-...01.vbs

windows10-2004-x64

amtoolbox-...an.bat

windows7-x64

amtoolbox-...an.bat

windows10-2004-x64

amtoolbox-...ke.bat

windows7-x64

amtoolbox-...ke.bat

windows10-2004-x64

amtoolbox-...les.py

windows7-x64

amtoolbox-...les.py

windows10-2004-x64

amtoolbox-...del.py

windows7-x64

amtoolbox-...del.py

windows10-2004-x64

amtoolbox-...del.py

windows7-x64

amtoolbox-...del.py

windows10-2004-x64

amtoolbox-...ag.dll

windows7-x64

amtoolbox-...ag.dll

windows10-2004-x64

amtoolbox-...iag.so

ubuntu-22.04-amd64

amtoolbox-...del.py

windows7-x64

amtoolbox-...del.py

windows10-2004-x64

amtoolbox-...del.py

windows7-x64

amtoolbox-...del.py

windows10-2004-x64

amtoolbox-...ag.dll

windows7-x64

amtoolbox-...ag.dll

windows10-2004-x64

amtoolbox-...iag.so

ubuntu-22.04-amd64

amtoolbox-...del.py

windows7-x64

amtoolbox-...del.py

windows10-2004-x64

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 14:24

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

amtoolbox-full-1.5.0/amt_start.js

Resource

win7-20240903-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

amtoolbox-full-1.5.0/amt_start.js

Resource

win10v2004-20240802-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

amtoolbox-full-1.5.0/core/amt_cache.vbs

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

amtoolbox-full-1.5.0/core/amt_cache.vbs

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

amtoolbox-full-1.5.0/core/amt_emuexp.js

Resource

win7-20240708-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

amtoolbox-full-1.5.0/core/amt_emuexp.js

Resource

win10v2004-20240802-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

amtoolbox-full-1.5.0/core/amt_load.vbs

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

amtoolbox-full-1.5.0/core/amt_load.vbs

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

amtoolbox-full-1.5.0/demos/demo_breebaart2001.vbs

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

amtoolbox-full-1.5.0/demos/demo_breebaart2001.vbs

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

amtoolbox-full-1.5.0/environments/clean.bat

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

amtoolbox-full-1.5.0/environments/clean.bat

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

amtoolbox-full-1.5.0/environments/make.bat

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

amtoolbox-full-1.5.0/environments/make.bat

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

amtoolbox-full-1.5.0/environments/test_python/test_modules.py

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral16

Sample

amtoolbox-full-1.5.0/environments/test_python/test_modules.py

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral17

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/cochlear_model.py

Resource

win7-20240708-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral18

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/cochlear_model.py

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/run_cochlear_model.py

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral20

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/run_cochlear_model.py

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/tridiag.dll

Resource

win7-20240729-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/tridiag.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

amtoolbox-full-1.5.0/environments/verhulst2012/tridiag.so

Resource

ubuntu2204-amd64-20240522.1-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/cochlear_model.py

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral25

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/cochlear_model.py

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral26

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/run_cochlear_model.py

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral27

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/run_cochlear_model.py

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral28

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/tridiag.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/tridiag.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

amtoolbox-full-1.5.0/environments/verhulst2015/tridiag.so

Resource

ubuntu2204-amd64-20240611-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

amtoolbox-full-1.5.0/environments/verhulst2018/cochlear_model.py

Resource

win7-20240729-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral32

Sample

amtoolbox-full-1.5.0/environments/verhulst2018/cochlear_model.py

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

amtoolbox-full-1.5.0/environments/verhulst2015/tridiag.dll
Size

97KB
MD5

b00896dada75f0cff8df6188bd82fa22
SHA1

1fa48a82f7ed77662baddaafb85f1c1aac29d1b9
SHA256

6d5b6c523648bd1dd69ed16ede4fdf70c623504962d28dcd043d7d30d7e20503
SHA512

2b51962927abeafab21842d6b84e668fd8e3d36a26311a0ae941f0fa282a63a6fd5943c6a6705239374db34ea8a0fed48c029629ebe252c431a0de7f468f848e
SSDEEP

768:gdhK0k+gOZpz9UoOHJJp00FzQ9GSfyrZW6sE5Z/97Kt4uyCCu5PW4w5:khK0ksG/HJJp0QzQ9GnD55juDCuVW4Y

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2704	2728	rundll32.exe	30
PID 2728 wrote to memory of 2704	2728	rundll32.exe	30
PID 2728 wrote to memory of 2704	2728	rundll32.exe	30

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\amtoolbox-full-1.5.0\environments\verhulst2015\tridiag.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2728 -s 80
  2⤵
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-0-0x000007FEF7000000-0x000007FEF7021000-memory.dmp

Filesize
132KB

Download