Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows7-x64

10

The-MALWAR...ll.exe

windows7-x64

10

The-MALWAR...BS.exe

windows7-x64

10

The-MALWAR...in.exe

windows7-x64

7

The-MALWAR....A.exe

windows7-x64

7

The-MALWAR....A.exe

windows7-x64

10

The-MALWAR....A.dll

windows7-x64

7

The-MALWAR...r.xlsm

windows7-x64

10

The-MALWAR...36c859

windows7-x64

1

The-MALWAR...caa742

windows7-x64

1

The-MALWAR...c1a732

windows7-x64

1

The-MALWAR...57c046

windows7-x64

1

The-MALWAR...4cde86

windows7-x64

1

The-MALWAR...460a01

windows7-x64

1

The-MALWAR...ece0c5

windows7-x64

1

The-MALWAR...257619

windows7-x64

1

The-MALWAR...fbcc59

windows7-x64

1

The-MALWAR...54f69c

windows7-x64

1

The-MALWAR...d539a6

windows7-x64

1

The-MALWAR...4996dd

windows7-x64

1

The-MALWAR...8232d5

windows7-x64

1

The-MALWAR...66b948

windows7-x64

1

The-MALWAR...f9db86

windows7-x64

1

The-MALWAR...ea2485

windows7-x64

1

The-MALWAR...us.exe

windows7-x64

6

The-MALWAR....a.exe

windows7-x64

3

The-MALWAR....a.exe

windows7-x64

7

The-MALWAR...ok.exe

windows7-x64

10

The-MALWAR...y.html

windows7-x64

3

The-MALWAR...ft.exe

windows7-x64

4

The-MALWAR...en.exe

windows7-x64

6

The-MALWAR...min.js

windows7-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2025, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Email-Worm/Amus.exe

  • Size

    50KB

  • MD5

    47abd68080eee0ea1b95ae31968a3069

  • SHA1

    ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

  • SHA256

    b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

  • SHA512

    c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

  • SSDEEP

    768:/9NC1eO7wvsgyjgLCtKbqvYGjaESiKMH6BJJE+XqYq7wvefY:/9NC1eOMFyjt2/wDrcq/Mveg

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 23 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\Amus.exe
    "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\Amus.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    PID:1936
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:532
  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Messenger.exe
    Filesize

    50KB

    MD5

    47abd68080eee0ea1b95ae31968a3069

    SHA1

    ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

    SHA256

    b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

    SHA512

    c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

    Download Submit

  • memory/1936-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1936-158-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2752-28-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2752-29-0x0000000073DDD000-0x0000000073DE8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2752-113-0x000000006CA71000-0x000000006CA72000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-155-0x0000000073DDD000-0x0000000073DE8000-memory.dmp

    Filesize

    44KB

    Download