Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-01-2025 15:12

General

  • Target
    The-MALWARE-Repo-master/Email-Worm/Amus.exe
  • Size
    50KB
  • MD5
    47abd68080eee0ea1b95ae31968a3069
  • SHA1
    ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
  • SHA256
    b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
  • SHA512
    c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a
  • SSDEEP
    768:/9NC1eO7wvsgyjgLCtKbqvYGjaESiKMH6BJJE+XqYq7wvefY:/9NC1eOMFyjt2/wDrcq/Mveg

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 23 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\Amus.exe
    "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\Amus.exe"
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2828
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
    • System Location Discovery: System Language Discovery
    PID:2876
  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2628

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize: 240KB
    MD5: 6d3865646bbf4f53ac7127541efafbf5
    SHA1: 8a79382e1155ec6391248c78668bbef7b6cdf58e
    SHA256: 0787dbcb5b6007d8f97c5bb87bf0d7deb296a83ac78702f28ffedaafc182354f
    SHA512: 8b759d13786aa8541cdc036b62105a5d0b258ed782afe6f5608ec1ad06b2d03a9bc7bdc3c32ed187243f75e66f75b121bca6458bb5ba32ea5963aba1ab4e1c9c

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize: 240KB
    MD5: 3c5b134a558403c0c588dff61e00c297
    SHA1: ad912dee7fd15a10b988d5651a1e6cbdd22b18db
    SHA256: 7a90e33a7d56d896725fff1dcbef4b7742abdb9b91701db757ae709fbdb8aa59
    SHA512: f30d7d5245800d6b5cf384e20871b8b71ed11c3a8b2ceebf59690d138f69d22b7d7a7ffe1fc50a9d040dacea53b6c84530c3b708ebfa9b6de21a49e0963c5a8f

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize: 1KB
    MD5: 48dd6cae43ce26b992c35799fcd76898
    SHA1: 8e600544df0250da7d634599ce6ee50da11c0355
    SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
    SHA512: c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

  • C:\Windows\Messenger.exe
    Filesize: 50KB
    MD5: 47abd68080eee0ea1b95ae31968a3069
    SHA1: ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
    SHA256: b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
    SHA512: c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

  • memory/2628-28-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB

  • memory/2628-29-0x000000007349D000-0x00000000734A8000-memory.dmp
    Filesize: 44KB

  • memory/2628-129-0x00000000738E1000-0x00000000738E2000-memory.dmp
    Filesize: 4KB

  • memory/2628-155-0x000000007349D000-0x00000000734A8000-memory.dmp
    Filesize: 44KB

  • memory/2828-0-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize: 56KB

  • memory/2828-158-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize: 56KB