8a0cd0d9e7eb2ff12107ac3e78acc36e7065a82650b32557ceabb67c86c760ec | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 07:31

Sharing

Report Analysis Logs

General

Target

colorbot/aimsource.exe
Size

54.8MB
MD5

93e69cc53eb8c3d032f202b011c303cb
SHA1

0cb7b7a76b79d5726b317a6578ea462899dd3fae
SHA256

69cb1f25fbb76e6c9d80f08b51418480f712a471ce2ac67fdb8af82cf53cc1a6
SHA512

741970015d29416a3e9b2506359df346c1ad5e530df8cca050a1870841f5113bc78154ea78b3fa281d123b6545a17381c2725f44e1ec2a4f7eeb54ac9ff9b056
SSDEEP

1572864:CMFP/V4f6Gj53ikjt4jRq2GqFOPV5Yi22qHWB75iUHS5n:zt/VG6RmtCRlGPrw2qHO5in

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2944	aimsource.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2944	2052	aimsource.exe	29
PID 2052 wrote to memory of 2944	2052	aimsource.exe	29
PID 2052 wrote to memory of 2944	2052	aimsource.exe	29

C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe
"C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe
  "C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe"
  2⤵
  - Loads dropped DLL
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20522\python39.dll

Filesize
4.3MB

MD5
5871ae2a45d675ed9dd077c400018c30

SHA1
ddc03af9d433c3dfad8a193c50695139c59b4b58

SHA256
5d0ff879174faec03eb173eb2088f2e7519f4663dd6bfe5b817ec602c389ae20

SHA512
d87a90dbf42c528bc3fa038eb83d4318d2e8577a590bf9c84641c573b5b2fea83aac91bb108968252e07497424ed85f519a864e955f94a7f8e87bfc38e0f4b7b

Download Submit