Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-03-2024 14:57

General

  • Target

    Install_AIM59[1].exe

  • Size

    8.1MB

  • MD5

    3411a5717d5e6d7d31b0f24ff7b59fab

  • SHA1

    40cb866aa8eb6321bf5f73343b18b4886e6119d1

  • SHA256

    4a56acb4f236582af60db6bf4447da526b04aaca7508db1c516aeb5944e8eb38

  • SHA512

    77d3ec12e31f46b38303febeb8b7f7a6d6ef4d8797644534a524c8a00bc51d0a4e0231046d34ae47d3e54b131170c908a69c1fece03c845caefcfb31197b3f28

  • SSDEEP

    196608:gIIzsA80RZG+6Vu5qH1z/fe8owdlvnWkOKC5meTk6:gImnNiaqHJ/fDd5nWwCJTk6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (27 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install_AIM59[1].exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Install_AIM59[1].exe"
    PID: 5084
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\AIM_INSTALLER_DERANDOMIZED.EXE
      Command line: C:\Users\Admin\AppData\Local\Temp\GLB5227.tmp 4736 C:\Users\Admin\AppData\Local\Temp\INSTAL~1.EXE
      PID: 1836
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AOLInstallerFW.dll

    Filesize

    72KB

    MD5

    4994843821f841b66f70f87e889b7c4a

    SHA1

    b6614c5cb2a71eeb2a8aa002770fa0a3e495bcea

    SHA256

    001715ba41a3f8cdd70a506598adeb66c6644306ff9134d9173c4400089ddb60

    SHA512

    ec5c48d3b9f9405d67c8a31daaff4c106e7444d992a73792c99a78b37904a5fa13c909dbbe5ecd17349f24102fc60ba776622cc245d1621dbe7d40416ea09a0b

  • C:\Users\Admin\AppData\Local\Temp\GLB5227.tmp

    Filesize

    70KB

    MD5

    3893f1a8e6dca273ea6e644f15dfbed0

    SHA1

    70eb7d10949e292710ceb854cc50d273bca0c7fe

    SHA256

    2910f52c61d8bc80d789cf188f235de063f7615368f218c6668af52e49eb58b1

    SHA512

    be5bf2797666b7a45c5c830afea89eac97f0746923710e02f97144229b65fe9abed45f4192b6d39f8d817108d761e0fbaf2a4556a2df03b856298196a62870e2

  • C:\Users\Admin\AppData\Local\Temp\GLC52E3.tmp

    Filesize

    161KB

    MD5

    09e59d00df5d2effd8dd9b30385cb9d2

    SHA1

    0fa0d3f6692f31fdabefb719b0f7a28cbf5d5415

    SHA256

    1c574eab5e83ccfe5a0bb7b59e028cc5fa2f4e77868051e305d83c709711ff77

    SHA512

    d73e3832777341a4176dbd9988002ec94a32f162492e869a8c03d9bb10f1833821f99e15710e9fc103a2820c862cf14a0b990d7c7c09150bb14618a7c93ca5fd

  • C:\Users\Admin\AppData\Local\Temp\GLF5D38.tmp

    Filesize

    10KB

    MD5

    9da8f742593d4bbca708b90725282ae2

    SHA1

    9aaa6ed98726e657252a098f2bf06066a8604d27

    SHA256

    e362a9815527869e0f71fdf766a1c3648e307145defda7a5279914e522bcb57c

    SHA512

    f8b4129dc4ab30e009cb4db8a80f06b16306c1a90a49e534befb925d6ce4d5713b98553a2107b40efa8b5abd025ff0556976cf46c3642ce8e372c34d105e36cb

  • C:\Users\Admin\AppData\Local\Temp\GLK5507.tmp

    Filesize

    48KB

    MD5

    7da84a0eb210e830443813b91dce4984

    SHA1

    3c91efc6b15f3c2de40ca7d9902a2c280a6d2d4f

    SHA256

    535d9b8921721c77698c932895c027259005962405d1c61e3d3ea05cda95e31d

    SHA512

    159aba9a9511c3a2dcb77623bfb0e3d08c2195b7e84b57c62f96ce489105009359f8acb3549d54aa5f62d2874d41e5d95164e4ceaa92afd668f2c45c4c6c022d

  • memory/1836-18-0x0000000000440000-0x000000000044D000-memory.dmp

    Filesize

    52KB

  • memory/1836-89-0x00000000033A0000-0x00000000033B4000-memory.dmp

    Filesize

    80KB