Overview

overview

7

Static

static

3

Aalmt.exe

windows7-x64

3

Aalmt.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2023, 10:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Aalmt.exe

  • Size

    47KB

  • MD5

    e564e4ca03fc14e0ebfa77f54e7fb237

  • SHA1

    013fbdb1e72a73e02f414982b7082b2532f91e2e

  • SHA256

    0bef31f2a9f4d188b7120aae8e84b75a3e8a41903e7daacd9ac36bdf7d217063

  • SHA512

    af0d33ca307eed5d6f77f7af0a7155298747176bbe4615b66c9caca4a05581eb3156b1f6e929195e47355594e2e9f3e11bb3fbbbca201befd2094fb8f5c70e8b

  • SSDEEP

    768:nVY0FRTjzUzS17ZC+FwkZMyuID4tApAwLF5GIAhCDNWSa6dK7YvzaZ2L8N5FYrxa:GC1FCsyyBEA5zA3SaclQQtoJ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Aalmt.exe
    "C:\Users\Admin\AppData\Local\Temp\Aalmt.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    PID:64
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 2112
      2⤵
      • Program crash
      PID:4308
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 64 -ip 64
    1⤵
      PID:5084

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\tmpC237.tmp.exe
            Filesize

            813B

            MD5

            004ae7ac02494f44eef74ad7f59ec7ce

            SHA1

            800c9dcd1850d85915b64bbc168c9e94be2372a2

            SHA256

            1a81aaec3485a4badd889b56103eccddeaab29c909ab6722525dea60af9bbc9a

            SHA512

            77f8c810de75b1a7aa58e095904374db04ad0f8f529e0ecbdc675b95fd54e880d1f348730f13d7b2931b82ff86b84bda828876c3ba8e96f1b04642b7ec54e238

            Download Submit

          • memory/64-0-0x00000000000F0000-0x0000000000102000-memory.dmp

            Filesize

            72KB

            Download

          • memory/64-1-0x0000000074AA0000-0x0000000075250000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/64-2-0x0000000004B20000-0x0000000004B30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/64-12-0x0000000074AA0000-0x0000000075250000-memory.dmp

            Filesize

            7.7MB

            Download