Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-10-2024 22:59

General

  • Target

    AIMr-main/info.md

  • Size

    2KB

  • MD5

    7fc7d9033e700dfc68ee810b680ec378

  • SHA1

    0b3efcc90eac0075f7ebc10a3a424eeed71629dc

  • SHA256

    6ec2a6f9ddf988fd58676dbd7a1aa5bda727236fbbfb7b8d56e4c87ceac83247

  • SHA512

    cdc914977971d6a69689d149d76d85b751d7965a60e46046aecff293ff0c4dd5b32c404712a5f2f292db7efcd820f468980a1595a672473c8f1fc12fb12aabd4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AIMr-main\info.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AIMr-main\info.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIMr-main\info.md"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2776
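Reading the tree above: the submitted target is a Markdown text file, and `cmd /c info.md` hands it to the shell rather than executing it. `shell32.dll,OpenAs_RunDLL` is the shell's Open With dialog, which is what the shell falls back to when no application is registered for the extension (`.md` has no handler on the stock Windows 7 image). The dialog then launched Adobe Reader with the same path, so the GetForegroundWindowSpam and SetWindowsHookEx hits attributed to AcroRd32.exe are viewer behaviour, not behaviour of the submitted file. The following script is an added example, not part of this report or of the sandbox's tooling: it rebuilds the parent/child chain from the depth markers, tags each hop, and confirms the "data file → Open With → handler" pattern. The input rows are constructed from the command lines and PIDs listed above; the assumption that the sandbox's UI automation (or a default choice) picked the handler is an interpretation, and the executable-extension list is the example's own.

```python
"""Rebuild a sandbox process tree and recognise the Open With (OpenAs_RunDLL) hop.

Added example for triaging reports like the one above; not part of the report.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Optional

# Constructed from the report's Processes section: (tree depth, PID, command line).
REPORT_PROCESSES = [
    (1, 2568, r'cmd /c C:\Users\Admin\AppData\Local\Temp\AIMr-main\info.md'),
    (2, 2344, r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r'C:\Users\Admin\AppData\Local\Temp\AIMr-main\info.md'),
    (3, 2776, r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\AIMr-main\info.md"'),
]

# Extensions that `cmd /c <file>` would run as code instead of handing to a viewer
# (example's own list; extend to taste).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".hta", ".msi", ".ps1"}

_CMD_SLASH_C = re.compile(r'^"?(?:[^"\s]*\\)?cmd(?:\.exe)?"?\s+/c\s')


@dataclass
class Proc:
    pid: int
    cmdline: str
    parent: Optional[int]
    tag: str = "other"
    children: list = field(default_factory=list)


def _last_path(cmdline: str) -> str:
    """Return the last Windows path on the command line (the file being opened)."""
    tokens = [q or bare for q, bare in re.findall(r'"([^"]+)"|(\S+)', cmdline)]
    for tok in reversed(tokens):
        if re.match(r'^[A-Za-z]:\\', tok):
            return tok
    return ""


def build_tree(rows):
    """Link (depth, pid, cmdline) rows into Proc objects using the depth markers."""
    procs, stack = {}, []          # stack holds the PID at each depth so far
    for depth, pid, cmd in rows:
        del stack[depth - 1:]      # pop back to the parent's depth
        parent = stack[-1] if stack else None
        procs[pid] = Proc(pid, cmd, parent)
        if parent is not None:
            procs[parent].children.append(pid)
        stack.append(pid)
    return procs


def classify(procs):
    """Tag every process; rows are in tree order so parents are tagged first."""
    for p in procs.values():
        low = p.cmdline.lower()
        target = _last_path(p.cmdline)
        ext = PureWindowsPath(target).suffix.lower() if target else ""
        if _CMD_SLASH_C.match(low):
            # cmd /c on a script or binary runs it; on anything else it is a ShellExecute.
            p.tag = "shell_run_executable" if ext in EXECUTABLE_EXTS else "shell_open_data_file"
        elif "shell32.dll,openas_rundll" in low:
            p.tag = "open_with_dialog"     # no registered handler for the extension
        elif p.parent is not None and procs[p.parent].tag == "open_with_dialog":
            p.tag = "handler_chosen"       # application picked in the Open With dialog
    return {pid: p.tag for pid, p in procs.items()}


def opened_via_open_with(procs) -> bool:
    """True when a single root does cmd /c on a data file, its child is the Open With
    dialog, and a grandchild handler received the same file path."""
    classify(procs)
    roots = [p for p in procs.values() if p.parent is None]
    if len(roots) != 1 or roots[0].tag != "shell_open_data_file":
        return False
    target = _last_path(roots[0].cmdline).lower()
    for child_pid in roots[0].children:
        child = procs[child_pid]
        if child.tag != "open_with_dialog":
            continue
        for gc_pid in child.children:
            gc = procs[gc_pid]
            if gc.tag == "handler_chosen" and _last_path(gc.cmdline).lower() == target:
                return True
    return False


if __name__ == "__main__":
    tree = build_tree(REPORT_PROCESSES)
    for pid, tag in classify(tree).items():
        print(f"PID {pid:<5} parent={tree[pid].parent!s:<5} {tag}")
    print("handler reached through Open With:", opened_via_open_with(tree))
```

The same `classify` tags make the interesting case stand out: if the root were `cmd /c <something>.exe` (or a script extension), the tag becomes `shell_run_executable` and the chain no longer matches, so a child process then deserves attention on its own merits instead of being written off as the viewer the dialog picked.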

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    c6b1536c9fefb52a1e901102452ff2d9

    SHA1

    ee0ddce80599920b22106e0b34b8ca005815920f

    SHA256

    2f8d0be929d03c6cb8eae4f4e0167730076a42f973822633182036ba036bdb03

    SHA512

    e7f1a3acdcaa93059bb9dbb0edffd464cd83978795918f3afa844b5476297a5900cba8a5b6ba95932f02ecfd525686c89198c74070485ac5e196decc0419e628
