Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26-10-2024 22:59

General

  • Target

    AIMr-main/AIMr.py

  • Size

    9KB

  • MD5

    59f08c92b759ada1d447387b7b71e5d6

  • SHA1

    394ba0d955bd7e4e37f093a5bbfda9e5fe28cc59

  • SHA256

    bfb4a9e7c1d5ec07d4248e2ce522d271dba26b6300139c7fcd6c3d0107251552

  • SHA512

    ab3286c359872d3c2ad6aa7efdb541ca57a50f55f95d57f9624c5a359f841d8056e01d8a139fc7afbd47a4eea514602c6af466d13590d2dec78bfa4886008235

  • SSDEEP

    192:S9EVODVxMUS4PAkDN2HH2RD86PGTGK7jiONaeuAYTksmGQq3s:EjxMUTP5h18yUGKHiONavAYpPc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AIMr-main\AIMr.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AIMr-main\AIMr.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIMr-main\AIMr.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    1f94fa650af1502c6fc06c2aac52ac23

    SHA1

    11cc8aadb74f6fb4fcaebbcb675158e33d4c373f

    SHA256

    2f72740b807b326c5cbf0a12647d8f92333a4f276f9ddeb94eb63bdcc097d505

    SHA512

    76a90d4e65c9db8b81a760aa203d353d05aea34e8f0d350fbc6acb7ec5d53c198f3617bb7fac4a674e13cfec050a7ba9ed537d9aadee3986612ac1365a05f63b

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.