analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | AMTEmu.vip.zip |
| Full analysis: | https://app.any.run/tasks/5deb286e-ca62-4e12-a086-0ef43f7f78fc |
| Verdict: | Malicious activity |
| Analysis date: | May 30, 2020, 16:56:11 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v1.0 to extract |
| MD5: | 537F0CCFE4F9E543380CDB6C60ADAAA9 |
| SHA1: | 49F11150F207ED80EBEDA416F73CD89B63B3888C |
| SHA256: | 380AC5D1B0BFAE78B89B0CEB4F7A3A7E7AF5C37A1CB646A772F482A872150C7D |
| SSDEEP: | 24576:6YjeVHOKDWGn7G52YzPXcp5B7k6Yx4iF4Und3tK1XajjTOIcV+stIUkw/Z:6TVuwn7LWXcp864NdKX6jCVFYw/Z |
MALICIOUS
Loads dropped or rewritten executable
- amtemu.v0.9.2-painter.exe (PID: 2840)
Application was dropped or rewritten from another process
- amtemu.v0.9.2-painter.exe (PID: 2424)
- amtemu.v0.9.2-painter.exe (PID: 2840)
Actions looks like stealing of personal data
- amtemu.v0.9.2-painter.exe (PID: 2840)
SUSPICIOUS
Executable content was dropped or overwritten
- WinRAR.exe (PID: 1476)
- amtemu.v0.9.2-painter.exe (PID: 2840)
INFO
Manual execution by user
- amtemu.v0.9.2-painter.exe (PID: 2840)
- amtemu.v0.9.2-painter.exe (PID: 2424)
- explorer.exe (PID: 3716)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | AMTEmu v.0.9.2/ |
|---|---|
| ZipUncompressedSize: | - |
| ZipCompressedSize: | - |
| ZipCRC: | 0x00000000 |
| ZipModifyDate: | 2018:10:31 19:18:03 |
| ZipCompression: | None |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 10 |
Total processes
44
Monitored processes
4
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1476 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\AMTEmu.vip.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
| 2424 | "C:\Users\admin\Desktop\amtemu.v0.9.2-painter.exe" | C:\Users\admin\Desktop\amtemu.v0.9.2-painter.exe | — | explorer.exe |
User: admin Company: PainteR Integrity Level: MEDIUM Description: ProxyEmu Exit code: 3221226540 Version: 0.9.2.0 | ||||
| 2840 | "C:\Users\admin\Desktop\amtemu.v0.9.2-painter.exe" | C:\Users\admin\Desktop\amtemu.v0.9.2-painter.exe | explorer.exe | |
User: admin Company: PainteR Integrity Level: HIGH Description: ProxyEmu Version: 0.9.2.0 | ||||
| 3716 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
Total events
744
Read events
693
Write events
0
Delete events
0
Modification events
Executable files
2
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2840 | amtemu.v0.9.2-painter.exe | C:\Users\admin\AppData\Local\Temp\spc_player.dll | executable | |
MD5:41AFBF49BA7F6EE164F31FAA2CD38E15 | SHA256:50D30B7AA7B9858F91F33165314C7CF7F2ACC97157091676C7E7925E018FD387 | |||
| 1476 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1476.12834\AMTEmu v.0.9.2\amtemu.v0.9.2-painter.exe | executable | |
MD5:8ABDC20F619641E29AA9AD2B999A0DCC | SHA256:CDC95D0113A2AF05C2E70FAB23F6C218AE583EBCB47077DD5B705A476F9D6B96 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report