Analysis
max time kernel: 363s
max time network: 372s
platform: windows7_x64
resource: win7-20231215-de
resource tags: arch:x64, arch:x86, image:win7-20231215-de, locale:de-de, os:windows7-x64, system, windows
submitted: 20-02-2024 00:39
Behavioral tasks
behavioral1: sample AIMr.exe, resource win7-20231215-de
behavioral2: sample AIMr.exe, resource win10v2004-20231215-de
behavioral3: sample AIMr for exe.pyc, resource win7-20231215-de
behavioral4: sample AIMr for exe.pyc, resource win10v2004-20231215-de
General
Target: AIMr.exe
Size: 8.7MB
MD5: a0e21fe8f23d8e9d129df06fb6d13636
SHA1: ffc6c8be542c112dcb9bb55114df82cf440192c4
SHA256: 754cdfe578fd727a22d985d006913e4f6f89c209fa7d85401449b0f4ecc6179e
SHA512: 3e7c35b1b7b1713b379665d11fb6cffdb12b5b8108b1d0e46071db629a4514dcd5478ca83a5b320bf108d35f1c693bb6dbbe1b14bae3ddce1b5189c296a51498
SSDEEP: 196608:jwbvW0jj51W903eV4QJ7MToEuGxgh858F0ibfULlgABfRk90Ql9:U60jj/W+eGQJ7MTozGxu8C0ibfAi3n
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
  pid   Process
  2964  AIMr.exe   (7 DLL loads, all by this process)
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process   procid_target
  PID 2760 wrote to memory of 2964   2760  AIMr.exe  29   (same event recorded 3 times)
Both PIDs carry the AIMr.exe image: 2760 is the parent that writes into the child 2964, and it is the child that loads the dropped DLLs.
Processes
Network
MITRE ATT&CK Matrix
Downloads
(The report lists no file names for the dropped files, only sizes and hashes.)

1. Filesize: 13KB
   MD5: e0645fddef558dfdf2d89a2312d62ce5
   SHA1: 11187c5bd67cec3a4c0043f3119fabe5b3fd0b80
   SHA256: 55565231aaefb87e36e20e8bc9e5f57a6ce60a91ffe2cc29711fb2df70f17560
   SHA512: 181c821c4e392bbcad94475c9fe09d59bc7512ff1d17ef5eeae552d7df3d41f36dbfb919e7bf0733a218244ad5e5ddb9cff51d9835c16726fec7b0d4decf8de1

2. Filesize: 13KB
   MD5: 77493ca3fd4015b3900d4694715a92ad
   SHA1: c72ab38bbe61717761800c54ac6c3cdb4a8a42ae
   SHA256: 69d2e82663ec1be7cec2d20b82b353a7a4ac2b71474aa549b5308464273285ca
   SHA512: 864c6fecb3c2ce8ef87ca28bc9a6c1e89262a2cff289cc47fc17e77f6775873578b986c3758c1f3e506b5462c9bafdc285ee0f5d0c2fd69ae4814fe9f9294e11

3. Filesize: 15KB
   MD5: 8745258d2ce63c13082fd5176647435f
   SHA1: 08b1bfcd46c32842f593242e1f5ca24a386838a1
   SHA256: 89faf112c004bf34f240b3b4fae6941316d3e9844d14cddbdfce4964ff410239
   SHA512: 0240d8bc7300411433bd93a8177f3b99d13fab039b6074061770a0fa99fbf04a1179a2d9b0b8742be2c4e2d05e546edf7f706a08effb20f43adbbf7137020760

4. Filesize: 13KB
   MD5: 0e1dc487712e10bdda37fc16a78a42e9
   SHA1: ec36402f6036eb909bb6ad0becd40070655254df
   SHA256: 6c1c6936309f16a42801b3e69567269e3faf9f97455d7d1ca1aeac22d963b135
   SHA512: bc316e30ddfa0ec32d7d68d7e4ecaab7a3ed87fe3f9bf0b4fad123476005e218f39d2814777f183142f5e99445b5dfb0005ed6b93767b0c31af9b54cdccdc186

5. Filesize: 1.4MB
   MD5: 7184d0a9f466b6833728aaaab4f8f05b
   SHA1: f0ec5311a1c96628ddd26ea701f0e7957a993e10
   SHA256: 3412edf720dca12dea45eb011f520954dfefe9fc6699d0c188300c38a5b6af95
   SHA512: d87af9d9ccccfc084bdac8fa4a5f6e22df7dd6486f5ddb7bf310569a0306226d6b272960445d0f74fdcd5071d5e1300e988e9c2de4f3baa76a6e15e09ad9e03b

6. Filesize: 860KB
   MD5: 20c51028e962a17d99ef73f86d2a6304
   SHA1: a5999dc2cb77b698ac1505c2d32bdb5068351c35
   SHA256: 827723fdaf06523d858dc7f7cc74bc31b2515682f3d67a83fdc56d2b9131f20a
   SHA512: 41126ee10f701d4a9cc6a5a4eed5e8ba1aa9cce80db3727becfd649e5ade96307948f4d5665986195922d8bd9bdb1015427d55efdf8df887ef38e3579ac2bcbe

7. Filesize: 13KB
   MD5: e41d2e7e4144709eba47a22c238ce10e
   SHA1: 2981f224dbd565dc4ea7594ad17f9ff01db87b8b
   SHA256: 2756035ca5105caf7ab63ea7284c68403adc912bd08906bf5c18c7ff3b47ab5b
   SHA512: b8d08e80bfc3675699c32897c9803a1f986167717cc2ec9d46582cf4c530d65deae5c608e69d86b8e6aa3f518d47d1fa09b9d0eb0db3397ac5d31568409aa5bc

8. Filesize: 6.7MB
   MD5: 48ebfefa21b480a9b0dbfc3364e1d066
   SHA1: b44a3a9b8c585b30897ddc2e4249dfcfd07b700a
   SHA256: 0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2
   SHA512: 4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

9. Filesize: 987KB
   MD5: c9441142696e8bb09bc70b9605e3a39b
   SHA1: f172463c4fa5e8692274cd41ef608519bfde38f7
   SHA256: a8f9a12b1b6374f84380090eb396630a3409c7ec3bdeee3930ac6ca6cebe423e
   SHA512: 53dc0f88e0c180ccd67d3da51bb6a79a5000407bf1a7a48c8d70e0138df2f90c8fca138548408b3e9b6f520346d4be26b3cfe815719e3f581c068f4a025734dd
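The hashes above are the actionable part of the report: they let a responder check whether the target or any of the dropped files is present on another host. The following scanner is an added example, not part of the report or the sandbox, that walks a directory, computes MD5/SHA1/SHA256/SHA512 in a single pass, and matches against the report's MD5 and SHA256 values. The IoC table is copied from the report; the labels ("dropped file 1 (13KB)" and so on) are my own, since the report gives no file names, and the directory to scan is whatever the caller passes. A match is reported as "full" only when every digest the IoC lists agrees; an MD5-only hit is reported as "partial" because MD5 collisions are practical and a lone MD5 match should be escalated rather than auto-blocked.

```python
"""Match files on disk against the hash IoCs listed in this sandbox report (added example)."""
import hashlib
import os
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# IoC table copied from the report: the target plus the nine dropped files.
# The report names no dropped files, so labels are index plus reported size (assumed labels).
REPORT_IOCS = [
    {"label": "AIMr.exe (target, 8.7MB)",
     "md5": "a0e21fe8f23d8e9d129df06fb6d13636",
     "sha256": "754cdfe578fd727a22d985d006913e4f6f89c209fa7d85401449b0f4ecc6179e"},
    {"label": "dropped file 1 (13KB)",
     "md5": "e0645fddef558dfdf2d89a2312d62ce5",
     "sha256": "55565231aaefb87e36e20e8bc9e5f57a6ce60a91ffe2cc29711fb2df70f17560"},
    {"label": "dropped file 2 (13KB)",
     "md5": "77493ca3fd4015b3900d4694715a92ad",
     "sha256": "69d2e82663ec1be7cec2d20b82b353a7a4ac2b71474aa549b5308464273285ca"},
    {"label": "dropped file 3 (15KB)",
     "md5": "8745258d2ce63c13082fd5176647435f",
     "sha256": "89faf112c004bf34f240b3b4fae6941316d3e9844d14cddbdfce4964ff410239"},
    {"label": "dropped file 4 (13KB)",
     "md5": "0e1dc487712e10bdda37fc16a78a42e9",
     "sha256": "6c1c6936309f16a42801b3e69567269e3faf9f97455d7d1ca1aeac22d963b135"},
    {"label": "dropped file 5 (1.4MB)",
     "md5": "7184d0a9f466b6833728aaaab4f8f05b",
     "sha256": "3412edf720dca12dea45eb011f520954dfefe9fc6699d0c188300c38a5b6af95"},
    {"label": "dropped file 6 (860KB)",
     "md5": "20c51028e962a17d99ef73f86d2a6304",
     "sha256": "827723fdaf06523d858dc7f7cc74bc31b2515682f3d67a83fdc56d2b9131f20a"},
    {"label": "dropped file 7 (13KB)",
     "md5": "e41d2e7e4144709eba47a22c238ce10e",
     "sha256": "2756035ca5105caf7ab63ea7284c68403adc912bd08906bf5c18c7ff3b47ab5b"},
    {"label": "dropped file 8 (6.7MB)",
     "md5": "48ebfefa21b480a9b0dbfc3364e1d066",
     "sha256": "0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2"},
    {"label": "dropped file 9 (987KB)",
     "md5": "c9441142696e8bb09bc70b9605e3a39b",
     "sha256": "a8f9a12b1b6374f84380090eb396630a3409c7ec3bdeee3930ac6ca6cebe423e"},
]


def _new_hashers():
    return {a: hashlib.new(a) for a in ALGOS}


def _finish(hashers):
    return {a: h.hexdigest() for a, h in hashers.items()}


def digests_of_bytes(data):
    """All four digests of an in-memory buffer (used for small inputs and tests)."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return _finish(hashers)


def digests(path, chunk=1 << 20):
    """All four digests of a file, streamed in 1 MiB chunks so multi-MB samples are not read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return _finish(hashers)


def match_digests(found):
    """Return [(label, status)] for every IoC sharing at least one digest with `found`.

    status is "full" when every algorithm the IoC lists agrees and "partial" otherwise.
    A partial hit (for example MD5 agrees but SHA256 does not) is not proof of identity.
    """
    hits = []
    for ioc in REPORT_IOCS:
        algos = [a for a in ALGOS if a in ioc]
        agree = [a for a in algos if ioc[a].lower() == found.get(a, "").lower()]
        if agree:
            hits.append((ioc["label"], "full" if len(agree) == len(algos) else "partial"))
    return hits


def scan_directory(root):
    """Walk `root` and return {path: [(label, status), ...]} for every file that matches an IoC."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path):
                hits = match_digests(digests(path))
                if hits:
                    results[path] = hits
    return results


if __name__ == "__main__":
    for path, hits in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for label, status in hits:
            print(f"{status:7} {path} -> {label}")
```

Run it as `python scan.py C:\Users` (or any directory) on a host you suspect was touched by the same sample; the SHA512 and SSDEEP values from the report are left out of the table deliberately, since SHA256 already identifies the file exactly and SSDEEP comparison needs the ssdeep library rather than hashlib.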