754cdfe578fd727a22d985d006913e4f6f89c209fa7d85401449b0f4ecc6179e

Resubmissions

20-02-2024 00:51

240220-a7p21agc7s 10

20-02-2024 00:39

240220-azyzyagg33 10

Analysis

max time kernel
363s
max time network
372s
platform
windows7_x64
resource
win7-20231215-de
resource tags

arch:x64arch:x86image:win7-20231215-delocale:de-deos:windows7-x64systemwindows
submitted
20-02-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AIMr.exe
Size

8.7MB
MD5

a0e21fe8f23d8e9d129df06fb6d13636
SHA1

ffc6c8be542c112dcb9bb55114df82cf440192c4
SHA256

754cdfe578fd727a22d985d006913e4f6f89c209fa7d85401449b0f4ecc6179e
SHA512

3e7c35b1b7b1713b379665d11fb6cffdb12b5b8108b1d0e46071db629a4514dcd5478ca83a5b320bf108d35f1c693bb6dbbe1b14bae3ddce1b5189c296a51498
SSDEEP

196608:jwbvW0jj51W903eV4QJ7MToEuGxgh858F0ibfULlgABfRk90Ql9:U60jj/W+eGQJ7MTozGxu8C0ibfAi3n

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

AIMr.exe

pid process

2964 AIMr.exe
2964 AIMr.exe
2964 AIMr.exe
2964 AIMr.exe
2964 AIMr.exe
2964 AIMr.exe
2964 AIMr.exe
Suspicious use of WriteProcessMemory 3 IoCs

Processes:

AIMr.exe

description pid process target process

PID 2760 wrote to memory of 2964 2760 AIMr.exe AIMr.exe
PID 2760 wrote to memory of 2964 2760 AIMr.exe AIMr.exe
PID 2760 wrote to memory of 2964 2760 AIMr.exe AIMr.exe

pid	process
2964	AIMr.exe
2964	AIMr.exe
2964	AIMr.exe
2964	AIMr.exe
2964	AIMr.exe
2964	AIMr.exe
2964	AIMr.exe

description	pid	process	target process
PID 2760 wrote to memory of 2964	2760	AIMr.exe	AIMr.exe
PID 2760 wrote to memory of 2964	2760	AIMr.exe	AIMr.exe
PID 2760 wrote to memory of 2964	2760	AIMr.exe	AIMr.exe

C:\Users\Admin\AppData\Local\Temp\AIMr.exe
"C:\Users\Admin\AppData\Local\Temp\AIMr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\AIMr.exe
"C:\Users\Admin\AppData\Local\Temp\AIMr.exe"
2⤵
- Loads dropped DLL
PID:2964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27602\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
e0645fddef558dfdf2d89a2312d62ce5

SHA1
11187c5bd67cec3a4c0043f3119fabe5b3fd0b80

SHA256
55565231aaefb87e36e20e8bc9e5f57a6ce60a91ffe2cc29711fb2df70f17560

SHA512
181c821c4e392bbcad94475c9fe09d59bc7512ff1d17ef5eeae552d7df3d41f36dbfb919e7bf0733a218244ad5e5ddb9cff51d9835c16726fec7b0d4decf8de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27602\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
77493ca3fd4015b3900d4694715a92ad

SHA1
c72ab38bbe61717761800c54ac6c3cdb4a8a42ae

SHA256
69d2e82663ec1be7cec2d20b82b353a7a4ac2b71474aa549b5308464273285ca

SHA512
864c6fecb3c2ce8ef87ca28bc9a6c1e89262a2cff289cc47fc17e77f6775873578b986c3758c1f3e506b5462c9bafdc285ee0f5d0c2fd69ae4814fe9f9294e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27602\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
8745258d2ce63c13082fd5176647435f

SHA1
08b1bfcd46c32842f593242e1f5ca24a386838a1

SHA256
89faf112c004bf34f240b3b4fae6941316d3e9844d14cddbdfce4964ff410239

SHA512
0240d8bc7300411433bd93a8177f3b99d13fab039b6074061770a0fa99fbf04a1179a2d9b0b8742be2c4e2d05e546edf7f706a08effb20f43adbbf7137020760

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27602\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
0e1dc487712e10bdda37fc16a78a42e9

SHA1
ec36402f6036eb909bb6ad0becd40070655254df

SHA256
6c1c6936309f16a42801b3e69567269e3faf9f97455d7d1ca1aeac22d963b135

SHA512
bc316e30ddfa0ec32d7d68d7e4ecaab7a3ed87fe3f9bf0b4fad123476005e218f39d2814777f183142f5e99445b5dfb0005ed6b93767b0c31af9b54cdccdc186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27602\python312.dll
Filesize
1.4MB

MD5
7184d0a9f466b6833728aaaab4f8f05b

SHA1
f0ec5311a1c96628ddd26ea701f0e7957a993e10

SHA256
3412edf720dca12dea45eb011f520954dfefe9fc6699d0c188300c38a5b6af95

SHA512
d87af9d9ccccfc084bdac8fa4a5f6e22df7dd6486f5ddb7bf310569a0306226d6b272960445d0f74fdcd5071d5e1300e988e9c2de4f3baa76a6e15e09ad9e03b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27602\ucrtbase.dll
Filesize
860KB

MD5
20c51028e962a17d99ef73f86d2a6304

SHA1
a5999dc2cb77b698ac1505c2d32bdb5068351c35

SHA256
827723fdaf06523d858dc7f7cc74bc31b2515682f3d67a83fdc56d2b9131f20a

SHA512
41126ee10f701d4a9cc6a5a4eed5e8ba1aa9cce80db3727becfd649e5ade96307948f4d5665986195922d8bd9bdb1015427d55efdf8df887ef38e3579ac2bcbe

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27602\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
e41d2e7e4144709eba47a22c238ce10e

SHA1
2981f224dbd565dc4ea7594ad17f9ff01db87b8b

SHA256
2756035ca5105caf7ab63ea7284c68403adc912bd08906bf5c18c7ff3b47ab5b

SHA512
b8d08e80bfc3675699c32897c9803a1f986167717cc2ec9d46582cf4c530d65deae5c608e69d86b8e6aa3f518d47d1fa09b9d0eb0db3397ac5d31568409aa5bc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27602\python312.dll
Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27602\ucrtbase.dll
Filesize
987KB

MD5
c9441142696e8bb09bc70b9605e3a39b

SHA1
f172463c4fa5e8692274cd41ef608519bfde38f7

SHA256
a8f9a12b1b6374f84380090eb396630a3409c7ec3bdeee3930ac6ca6cebe423e

SHA512
53dc0f88e0c180ccd67d3da51bb6a79a5000407bf1a7a48c8d70e0138df2f90c8fca138548408b3e9b6f520346d4be26b3cfe815719e3f581c068f4a025734dd

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads