0d1bb97f63756326bb8e7a4c5b071e8a753d0d0f470804b76ef20d6f80a6fd2b

Analysis

max time kernel
30s
max time network
18s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-02-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AIMr.exe
Size

8.2MB
MD5

be9a972f8587f47f3df1f51a0b83c7dd
SHA1

4076af5f3cca5fbd519260022cd1a4c67fe9e9d4
SHA256

0d1bb97f63756326bb8e7a4c5b071e8a753d0d0f470804b76ef20d6f80a6fd2b
SHA512

5ea0f7b8ba2c48317f47336ba27189982d1de30ee70721481e170f7fbcf731a05d0b587ad53cf879f97a8670581c0563e2fe2a5b06e3fa7d7b3e75048a5b6b81
SSDEEP

196608:QSbnRrT1W903eV4QJ7MToEuGxgh858F0ibfULlgAB+knzeCUw:Z11W+eGQJ7MTozGxu8C0ibfAiYCA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

AIMr.exe

pid process

2884 AIMr.exe
2884 AIMr.exe
2884 AIMr.exe
2884 AIMr.exe
2884 AIMr.exe
2884 AIMr.exe
2884 AIMr.exe

pid	process
2884	AIMr.exe
2884	AIMr.exe
2884	AIMr.exe
2884	AIMr.exe
2884	AIMr.exe
2884	AIMr.exe
2884	AIMr.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

AIMr.exe

description	pid	process	target process
PID 2456 wrote to memory of 2884	2456	AIMr.exe	AIMr.exe
PID 2456 wrote to memory of 2884	2456	AIMr.exe	AIMr.exe
PID 2456 wrote to memory of 2884	2456	AIMr.exe	AIMr.exe

C:\Users\Admin\AppData\Local\Temp\AIMr.exe
"C:\Users\Admin\AppData\Local\Temp\AIMr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\AIMr.exe
"C:\Users\Admin\AppData\Local\Temp\AIMr.exe"
2⤵
- Loads dropped DLL
PID:2884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
77493ca3fd4015b3900d4694715a92ad

SHA1
c72ab38bbe61717761800c54ac6c3cdb4a8a42ae

SHA256
69d2e82663ec1be7cec2d20b82b353a7a4ac2b71474aa549b5308464273285ca

SHA512
864c6fecb3c2ce8ef87ca28bc9a6c1e89262a2cff289cc47fc17e77f6775873578b986c3758c1f3e506b5462c9bafdc285ee0f5d0c2fd69ae4814fe9f9294e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24562\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
0e1dc487712e10bdda37fc16a78a42e9

SHA1
ec36402f6036eb909bb6ad0becd40070655254df

SHA256
6c1c6936309f16a42801b3e69567269e3faf9f97455d7d1ca1aeac22d963b135

SHA512
bc316e30ddfa0ec32d7d68d7e4ecaab7a3ed87fe3f9bf0b4fad123476005e218f39d2814777f183142f5e99445b5dfb0005ed6b93767b0c31af9b54cdccdc186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24562\python312.dll
Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24562\ucrtbase.dll
Filesize
987KB

MD5
c9441142696e8bb09bc70b9605e3a39b

SHA1
f172463c4fa5e8692274cd41ef608519bfde38f7

SHA256
a8f9a12b1b6374f84380090eb396630a3409c7ec3bdeee3930ac6ca6cebe423e

SHA512
53dc0f88e0c180ccd67d3da51bb6a79a5000407bf1a7a48c8d70e0138df2f90c8fca138548408b3e9b6f520346d4be26b3cfe815719e3f581c068f4a025734dd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24562\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
e0645fddef558dfdf2d89a2312d62ce5

SHA1
11187c5bd67cec3a4c0043f3119fabe5b3fd0b80

SHA256
55565231aaefb87e36e20e8bc9e5f57a6ce60a91ffe2cc29711fb2df70f17560

SHA512
181c821c4e392bbcad94475c9fe09d59bc7512ff1d17ef5eeae552d7df3d41f36dbfb919e7bf0733a218244ad5e5ddb9cff51d9835c16726fec7b0d4decf8de1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24562\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
8745258d2ce63c13082fd5176647435f

SHA1
08b1bfcd46c32842f593242e1f5ca24a386838a1

SHA256
89faf112c004bf34f240b3b4fae6941316d3e9844d14cddbdfce4964ff410239

SHA512
0240d8bc7300411433bd93a8177f3b99d13fab039b6074061770a0fa99fbf04a1179a2d9b0b8742be2c4e2d05e546edf7f706a08effb20f43adbbf7137020760

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24562\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
e41d2e7e4144709eba47a22c238ce10e

SHA1
2981f224dbd565dc4ea7594ad17f9ff01db87b8b

SHA256
2756035ca5105caf7ab63ea7284c68403adc912bd08906bf5c18c7ff3b47ab5b

SHA512
b8d08e80bfc3675699c32897c9803a1f986167717cc2ec9d46582cf4c530d65deae5c608e69d86b8e6aa3f518d47d1fa09b9d0eb0db3397ac5d31568409aa5bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads