Overview

overview

8

Static

static

3

aimware.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aimware.exe

  • Size

    5.3MB

  • Sample

    240505-m6yzqsbd77

  • MD5

    0a4a28190d8424b8fb649b08df21e393

  • SHA1

    ddc5beb62651bf496e33d8be636b805f0458107c

  • SHA256

    1626b2b77cd3e63b5f78852f0d67aca413f8435eaf4674415fbde211c4c96450

  • SHA512

    11483ce4f36de6adffbf6396ce903b06f5359a47c38eba35fa599359c1e6df6a91dd599a7bf4bd3f78746f1bfd2d96cd8e001214a3f035a8cc772ae47e9ffcb4

  • SSDEEP

    98304:G7Nj/bUgNkPWw+5wVP+/pS9qBn9yPyL0K7BysqrgKYTP8OpV/a:2hL+PWw+5WPcSwB9yP+j84D8

Score
8/10
evasionexecutionpersistence

Malware Config

Targets

    • Target

      aimware.exe

    • Size

      5.3MB

    • MD5

      0a4a28190d8424b8fb649b08df21e393

    • SHA1

      ddc5beb62651bf496e33d8be636b805f0458107c

    • SHA256

      1626b2b77cd3e63b5f78852f0d67aca413f8435eaf4674415fbde211c4c96450

    • SHA512

      11483ce4f36de6adffbf6396ce903b06f5359a47c38eba35fa599359c1e6df6a91dd599a7bf4bd3f78746f1bfd2d96cd8e001214a3f035a8cc772ae47e9ffcb4

    • SSDEEP

      98304:G7Nj/bUgNkPWw+5wVP+/pS9qBn9yPyL0K7BysqrgKYTP8OpV/a:2hL+PWw+5WPcSwB9yP+j84D8

    Score
    8/10
    evasionexecutionpersistence

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Creates new service(s)

      persistenceexecution

    • Drops file in Drivers directory

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks