Overview
overview
7Static
static
ACCWIZ.dll
windows7-x64
1ACCWIZ.dll
windows10-2004-x64
1ACWIZRC.dll
windows7-x64
1ACWIZRC.dll
windows10-2004-x64
1MSACCESS.exe
windows7-x64
1MSACCESS.exe
windows10-2004-x64
1MSAEXP30.dll
windows7-x64
3MSAEXP30.dll
windows10-2004-x64
3MSAIN.dll
windows7-x64
1MSAIN.dll
windows10-2004-x64
1SERVWRAP.vbs
windows7-x64
1SERVWRAP.vbs
windows10-2004-x64
1SOA.dll
windows7-x64
1SOA.dll
windows10-2004-x64
3ACMAIN11.chm
windows7-x64
1ACMAIN11.chm
windows10-2004-x64
1MSCAL.dll
windows7-x64
1MSCAL.dll
windows10-2004-x64
1MS_Office_...10.msi
windows7-x64
7MS_Office_...10.msi
windows10-2004-x64
7MS_Office_...11.msi
windows7-x64
7MS_Office_...11.msi
windows10-2004-x64
7MS_Office_...UP.msi
windows7-x64
7MS_Office_...UP.msi
windows10-2004-x64
7MS_Office_...P1.exe
windows7-x64
1MS_Office_...P1.exe
windows10-2004-x64
1Analysis
-
max time kernel
44s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
16/10/2022, 23:16
Static task
static1
Behavioral task
behavioral1
Sample
ACCWIZ.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
ACCWIZ.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
ACWIZRC.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
ACWIZRC.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MSACCESS.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
MSACCESS.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
MSAEXP30.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral8
Sample
MSAEXP30.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
MSAIN.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
MSAIN.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
SERVWRAP.vbs
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral12
Sample
SERVWRAP.vbs
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
SOA.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
SOA.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
ACMAIN11.chm
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral16
Sample
ACMAIN11.chm
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
MSCAL.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
MSCAL.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
MS_Office_2003/OWC10.msi
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
MS_Office_2003/OWC10.msi
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
MS_Office_2003/OWC11.msi
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
MS_Office_2003/OWC11.msi
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
MS_Office_2003/SETUP.msi
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
MS_Office_2003/SETUP.msi
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
MS_Office_2003/SETUP1.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
MS_Office_2003/SETUP1.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
ACCWIZ.dll
-
Size
162KB
-
MD5
7387dd7402c09340980dbac26899f8ab
-
SHA1
0cc7c5df1e3e35ccb6d02de602ecd8b7efcaad70
-
SHA256
ba43b61e2b6f64b7bf160cf37d87021ad92debed67d341dd6d217d382633e6eb
-
SHA512
e68af91c69c44403e76bcdae1fdeae14797227a97d84980863febed7c31542ffff223555cb7e31fb1bba99db179195c3157c217023c747a66891dc3db1a4144e
-
SSDEEP
1536:nFx47QZS2IdLeIHcO7QKfYyEEQ88NpYFDDBqdrj/rInvCtka03uiGJC:nJ6dVcIQiEEr8NWpqt/UkqBOC
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\MiscStatus\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230323-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230324-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230325-172B-11D0-AD40-00A0C90DC8D9}\ = "IFieldList" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230328-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\ = "{5B87B6F0-17C8-11D0-AD41-00A0C90DC8D9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\Version\ = "8.131473" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\Control regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\MiscStatus\1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230321-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\ = "{5B87B6F0-17C8-11D0-AD41-00A0C90DC8D9}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230324-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230325-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\ = "{5B87B6F0-17C8-11D0-AD41-00A0C90DC8D9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230328-172B-11D0-AD40-00A0C90DC8D9}\ = "IFieldListWnd" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\ = "ImexGridCtrl.1 Object" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1\ = "FieldListCtrl.1 Object" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230320-172B-11D0-AD40-00A0C90DC8D9}\ = "IImexGrid" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1.8\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230320-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\Version regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1.8\ = "FieldListCtrl.1 Object" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230323-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\ = "{5B87B6F0-17C8-11D0-AD41-00A0C90DC8D9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1\CurVer\ = "ACCWIZ.FieldListCtrl.1.8" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ACCWIZ.dll, 1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1.8\CLSID\ = "{53230327-172B-11D0-AD40-00A0C90DC8D9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\ProgID\ = "ACCWIZ.FieldListCtrl.1.8" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\Version = "8.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9}\ = "DFieldListEvents" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.ImexGridCtrl.1\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\VersionIndependentProgID\ = "ACCWIZ.ImexGridCtrl.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\MiscStatus regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230325-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.ImexGridCtrl.1\ = "ImexGridCtrl.1 Object" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\Version regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\MiscStatus\1\ = "131473" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5B87B6F0-17C8-11D0-AD41-00A0C90DC8D9}\8.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230329-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\Version = "8.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.ImexGridCtrl.1.8\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230323-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230324-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53230329-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\Version = "8.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.FieldListCtrl.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ACCWIZ.ImexGridCtrl.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230322-172B-11D0-AD40-00A0C90DC8D9}\Implemented Categories regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230321-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230328-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230329-172B-11D0-AD40-00A0C90DC8D9} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230329-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53230327-172B-11D0-AD40-00A0C90DC8D9}\VersionIndependentProgID\ = "ACCWIZ.FieldListCtrl.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230320-172B-11D0-AD40-00A0C90DC8D9}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53230321-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\Version = "8.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230326-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\Version = "8.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230328-172B-11D0-AD40-00A0C90DC8D9}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53230329-172B-11D0-AD40-00A0C90DC8D9}\TypeLib\ = "{5B87B6F0-17C8-11D0-AD41-00A0C90DC8D9}" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1196 wrote to memory of 944 1196 regsvr32.exe 27 PID 1196 wrote to memory of 944 1196 regsvr32.exe 27 PID 1196 wrote to memory of 944 1196 regsvr32.exe 27 PID 1196 wrote to memory of 944 1196 regsvr32.exe 27 PID 1196 wrote to memory of 944 1196 regsvr32.exe 27 PID 1196 wrote to memory of 944 1196 regsvr32.exe 27 PID 1196 wrote to memory of 944 1196 regsvr32.exe 27