Analysis
max time kernel: 150s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-03-2024 14:57

Static task: static1
Behavioral task: behavioral1
  Sample: Install_AIM59[1].exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: Install_AIM59[1].exe
  Resource: win10v2004-20240226-en

General
Target: Install_AIM59[1].exe
Size: 8.1MB
MD5: 3411a5717d5e6d7d31b0f24ff7b59fab
SHA1: 40cb866aa8eb6321bf5f73343b18b4886e6119d1
SHA256: 4a56acb4f236582af60db6bf4447da526b04aaca7508db1c516aeb5944e8eb38
SHA512: 77d3ec12e31f46b38303febeb8b7f7a6d6ef4d8797644534a524c8a00bc51d0a4e0231046d34ae47d3e54b131170c908a69c1fece03c845caefcfb31197b3f28
SSDEEP: 196608:gIIzsA80RZG+6Vu5qH1z/fe8owdlvnWkOKC5meTk6:gImnNiaqHJ/fDd5nWwCJTk6
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  1836 | AIM_INSTALLER_DERANDOMIZED.EXE
- Loads dropped DLL (27 IoCs)
  pid | Process
  1836 | AIM_INSTALLER_DERANDOMIZED.EXE
  (The report lists this same pid/process pair 27 times, one row per dropped DLL loaded by PID 1836; the DLL paths themselves are not shown in this extract.)
- Drops file in System32 directory (1 IoC)
  description | ioc | Process
  File created | C:\Windows\SysWOW64\GLBSINST.%$D | AIM_INSTALLER_DERANDOMIZED.EXE
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 5084 wrote to memory of 1836 | 5084 | Install_AIM59[1].exe | 88
  PID 5084 wrote to memory of 1836 | 5084 | Install_AIM59[1].exe | 88
  PID 5084 wrote to memory of 1836 | 5084 | Install_AIM59[1].exe | 88
  All three rows record the same parent (5084, Install_AIM59[1].exe) writing into the same child (1836, AIM_INSTALLER_DERANDOMIZED.EXE) that it spawned. This signature is commonly raised when a parent launches a child process; on its own it does not show a write into an unrelated process, which is what would indicate injection.
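When a report repeats one WriteProcessMemory row several times it helps to fold the rows and check each writer/target pair against the process tree, so that a parent writing into its own child is separated from a write into a process it did not spawn. The script below is an added example, not part of the sandbox report; it assumes the row layout shown above (description, pid, Process, procid_target), takes the parent/child link from the report's process tree, and adds one constructed row (PID 2420, which does not appear in the report) purely to show how a cross-process write is labelled.

```python
"""Fold WriteProcessMemory rows and separate parent-to-child writes from
writes into unrelated processes. Added example; not sandbox code."""
import re
from collections import OrderedDict

# The three rows copied from the report above.
REPORT_ROWS = """\
PID 5084 wrote to memory of 1836 5084 Install_AIM59[1].exe 88
PID 5084 wrote to memory of 1836 5084 Install_AIM59[1].exe 88
PID 5084 wrote to memory of 1836 5084 Install_AIM59[1].exe 88
"""
# CONSTRUCTED row, not from the report: the child writing into a PID it
# did not spawn, to exercise the "cross-process" label.
CONSTRUCTED_ROW = "PID 1836 wrote to memory of 2420 1836 AIM_INSTALLER_DERANDOMIZED.EXE 91\n"

# child pid -> parent pid, from the report's process tree (5084 is the root).
PROCESS_TREE = {5084: None, 1836: 5084}

# Assumes the process name carries no spaces, as in the rows above.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<process>\S+)\s+(?P<procid_target>\d+)\s*$"
)


def parse_rows(text):
    """Turn report rows into event dicts; reject anything that does not fit."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        d = m.groupdict()
        events.append({"src": int(d["src"]), "dst": int(d["dst"]),
                       "process": d["process"],
                       "procid_target": int(d["procid_target"])})
    return events


def classify(src, dst, tree):
    """Label a writer/target pair using the child -> parent map."""
    if src == dst:
        return "self"
    if tree.get(dst) == src:
        return "parent-to-child"
    return "cross-process"


def triage(events, tree):
    """Collapse duplicate (src, dst) rows into one entry with a count."""
    folded = OrderedDict()
    for e in events:
        key = (e["src"], e["dst"])
        if key not in folded:
            folded[key] = {"source": e["src"], "target": e["dst"],
                           "process": e["process"], "count": 0,
                           "relation": classify(e["src"], e["dst"], tree)}
        folded[key]["count"] += 1
    return list(folded.values())


if __name__ == "__main__":
    for entry in triage(parse_rows(REPORT_ROWS + CONSTRUCTED_ROW), PROCESS_TREE):
        print(entry)
```

Run on the report's own rows the output is a single parent-to-child entry with count 3; the constructed row is the only one that comes out as cross-process, which is the case that would deserve a closer look.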
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\Install_AIM59[1].exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Install_AIM59[1].exe"
  PID: 5084
  - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\AIM_INSTALLER_DERANDOMIZED.EXE
    command line: C:\Users\Admin\AppData\Local\Temp\GLB5227.tmp 4736 C:\Users\Admin\AppData\Local\Temp\INSTAL~1.EXE
    PID: 1836
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    (argv[0] names GLB5227.tmp while the executing image is AIM_INSTALLER_DERANDOMIZED.EXE; INSTAL~1.EXE is an 8.3 short-name form consistent with the parent, Install_AIM59[1].exe, in the same directory.)
Network
MITRE ATT&CK Enterprise v15
Downloads
(The report gives no filename or source URL for the downloaded files, only sizes and digests.)
- Filesize: 72KB
  MD5: 4994843821f841b66f70f87e889b7c4a
  SHA1: b6614c5cb2a71eeb2a8aa002770fa0a3e495bcea
  SHA256: 001715ba41a3f8cdd70a506598adeb66c6644306ff9134d9173c4400089ddb60
  SHA512: ec5c48d3b9f9405d67c8a31daaff4c106e7444d992a73792c99a78b37904a5fa13c909dbbe5ecd17349f24102fc60ba776622cc245d1621dbe7d40416ea09a0b
- Filesize: 70KB
  MD5: 3893f1a8e6dca273ea6e644f15dfbed0
  SHA1: 70eb7d10949e292710ceb854cc50d273bca0c7fe
  SHA256: 2910f52c61d8bc80d789cf188f235de063f7615368f218c6668af52e49eb58b1
  SHA512: be5bf2797666b7a45c5c830afea89eac97f0746923710e02f97144229b65fe9abed45f4192b6d39f8d817108d761e0fbaf2a4556a2df03b856298196a62870e2
- Filesize: 161KB
  MD5: 09e59d00df5d2effd8dd9b30385cb9d2
  SHA1: 0fa0d3f6692f31fdabefb719b0f7a28cbf5d5415
  SHA256: 1c574eab5e83ccfe5a0bb7b59e028cc5fa2f4e77868051e305d83c709711ff77
  SHA512: d73e3832777341a4176dbd9988002ec94a32f162492e869a8c03d9bb10f1833821f99e15710e9fc103a2820c862cf14a0b990d7c7c09150bb14618a7c93ca5fd
- Filesize: 10KB
  MD5: 9da8f742593d4bbca708b90725282ae2
  SHA1: 9aaa6ed98726e657252a098f2bf06066a8604d27
  SHA256: e362a9815527869e0f71fdf766a1c3648e307145defda7a5279914e522bcb57c
  SHA512: f8b4129dc4ab30e009cb4db8a80f06b16306c1a90a49e534befb925d6ce4d5713b98553a2107b40efa8b5abd025ff0556976cf46c3642ce8e372c34d105e36cb
- Filesize: 48KB
  MD5: 7da84a0eb210e830443813b91dce4984
  SHA1: 3c91efc6b15f3c2de40ca7d9902a2c280a6d2d4f
  SHA256: 535d9b8921721c77698c932895c027259005962405d1c61e3d3ea05cda95e31d
  SHA512: 159aba9a9511c3a2dcb77623bfb0e3d08c2195b7e84b57c62f96ce489105009359f8acb3549d54aa5f62d2874d41e5d95164e4ceaa92afd668f2c45c4c6c022d
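The digests above are what you would use to confirm that a file recovered from the sandbox, or found on a host, is the same artifact. The script below is an added example and not part of the report: it carries the report's digests for the submitted sample and the five downloads in a table, checks that every entry is well-formed hex of the right length (which catches transcription slips when hashes are copied from a page like this), and hashes a file with all four algorithms at once so that a partial match, where one algorithm agrees and another does not, is reported rather than silently accepted. The labels for the downloads are ours, since the report gives no filenames; `digest_path` and `scan_dir` are assumed helper names.

```python
"""Check files against the digests listed in this report. Added example."""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests copied from the report. Download labels are ours (no names given).
KNOWN = {
    "Install_AIM59[1].exe (8.1MB)": {
        "md5": "3411a5717d5e6d7d31b0f24ff7b59fab",
        "sha1": "40cb866aa8eb6321bf5f73343b18b4886e6119d1",
        "sha256": "4a56acb4f236582af60db6bf4447da526b04aaca7508db1c516aeb5944e8eb38",
        "sha512": "77d3ec12e31f46b38303febeb8b7f7a6d6ef4d8797644534a524c8a00bc51d0a4e0231046d34ae47d3e54b131170c908a69c1fece03c845caefcfb31197b3f28",
    },
    "download-1 (72KB)": {
        "md5": "4994843821f841b66f70f87e889b7c4a",
        "sha1": "b6614c5cb2a71eeb2a8aa002770fa0a3e495bcea",
        "sha256": "001715ba41a3f8cdd70a506598adeb66c6644306ff9134d9173c4400089ddb60",
        "sha512": "ec5c48d3b9f9405d67c8a31daaff4c106e7444d992a73792c99a78b37904a5fa13c909dbbe5ecd17349f24102fc60ba776622cc245d1621dbe7d40416ea09a0b",
    },
    "download-2 (70KB)": {
        "md5": "3893f1a8e6dca273ea6e644f15dfbed0",
        "sha1": "70eb7d10949e292710ceb854cc50d273bca0c7fe",
        "sha256": "2910f52c61d8bc80d789cf188f235de063f7615368f218c6668af52e49eb58b1",
        "sha512": "be5bf2797666b7a45c5c830afea89eac97f0746923710e02f97144229b65fe9abed45f4192b6d39f8d817108d761e0fbaf2a4556a2df03b856298196a62870e2",
    },
    "download-3 (161KB)": {
        "md5": "09e59d00df5d2effd8dd9b30385cb9d2",
        "sha1": "0fa0d3f6692f31fdabefb719b0f7a28cbf5d5415",
        "sha256": "1c574eab5e83ccfe5a0bb7b59e028cc5fa2f4e77868051e305d83c709711ff77",
        "sha512": "d73e3832777341a4176dbd9988002ec94a32f162492e869a8c03d9bb10f1833821f99e15710e9fc103a2820c862cf14a0b990d7c7c09150bb14618a7c93ca5fd",
    },
    "download-4 (10KB)": {
        "md5": "9da8f742593d4bbca708b90725282ae2",
        "sha1": "9aaa6ed98726e657252a098f2bf06066a8604d27",
        "sha256": "e362a9815527869e0f71fdf766a1c3648e307145defda7a5279914e522bcb57c",
        "sha512": "f8b4129dc4ab30e009cb4db8a80f06b16306c1a90a49e534befb925d6ce4d5713b98553a2107b40efa8b5abd025ff0556976cf46c3642ce8e372c34d105e36cb",
    },
    "download-5 (48KB)": {
        "md5": "7da84a0eb210e830443813b91dce4984",
        "sha1": "3c91efc6b15f3c2de40ca7d9902a2c280a6d2d4f",
        "sha256": "535d9b8921721c77698c932895c027259005962405d1c61e3d3ea05cda95e31d",
        "sha512": "159aba9a9511c3a2dcb77623bfb0e3d08c2195b7e84b57c62f96ce489105009359f8acb3549d54aa5f62d2874d41e5d95164e4ceaa92afd668f2c45c4c6c022d",
    },
}


def validate_table(known=KNOWN):
    """Return (label, algo) pairs whose digest is not lowercase hex of the expected length."""
    bad = []
    for label, digests in known.items():
        for algo in ALGOS:
            h = digests.get(algo, "")
            if len(h) != HEX_LEN[algo] or any(c not in "0123456789abcdef" for c in h):
                bad.append((label, algo))
    return bad


def digest_bytes(data):
    """All four digests of an in-memory blob."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_path(path, chunk=1 << 20):
    """All four digests of a file, read once in chunks (assumed helper name)."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def classify(digests, known=KNOWN):
    """Any one agreeing algorithm selects an entry; the rest must agree too.
    A non-empty 'disagreeing' dict means the table or the file is not what it claims."""
    for label, expected in known.items():
        agreeing = [a for a in ALGOS if digests[a] == expected[a].lower()]
        if agreeing:
            disagreeing = {a: (expected[a], digests[a]) for a in ALGOS if a not in agreeing}
            return {"match": label, "agreeing": agreeing, "disagreeing": disagreeing}
    return {"match": None, "agreeing": [], "disagreeing": {}}


def scan_dir(directory, known=KNOWN):
    """Classify every regular file in a directory (assumed helper name)."""
    return {p.name: classify(digest_path(p), known)
            for p in sorted(Path(directory).iterdir()) if p.is_file()}
```

Point `scan_dir` at a folder of recovered files; anything with `match` set and an empty `disagreeing` dict is one of the six artifacts above, and anything with a non-empty `disagreeing` dict should be treated as a collision, a tampered file, or a mis-copied hash until resolved.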