Analysis
max time kernel: 27s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 14/06/2023, 12:08
Static task: static1
Behavioral task: behavioral1
  Sample: AccessDatabaseEngine_X64.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: AccessDatabaseEngine_X64.exe
  Resource: win10v2004-20230220-en
General
Target: AccessDatabaseEngine_X64.exe
Size: 27.5MB
MD5: 13f3ed8ce7deda44784fb5c1bc1c415b
SHA1: 2c21446996ee85cb12b4c86247aed1958594c626
SHA256: a25229b51c9127ca714de760231d90cd55d9e648a2a802d3709d5ec358698729
SHA512: 913ed0e30cf337cab25403a078daaefacf28e4aba468feb57efe501424ca107a73968ae3a1e3fb898de432d01b95a88e716c760853b92066b96d86352087fb27
SSDEEP: 786432:7PV8Cvp1BAMGSDYkwjWxwDHyq6g/oiqUvdWX:bHPBAOyM2yq6WltdWX
Malware Config
Signatures

Drops file in Program Files directory (2 IoCs)
description | ioc | Process
File created | C:\Program Files (x86)\MSECache\AceRedist\1041\AceRedist.msi | AccessDatabaseEngine_X64.exe
File created | C:\Program Files (x86)\MSECache\AceRedist\1041\Catalog\files14.cat | AccessDatabaseEngine_X64.exe

Suspicious use of WriteProcessMemory (11 IoCs)
description | pid | Process | procid_target
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 1460 wrote to memory of 672 | 1460 | AccessDatabaseEngine_X64.exe | 27
PID 672 wrote to memory of 580 | 672 | DW20.EXE | 28
PID 672 wrote to memory of 580 | 672 | DW20.EXE | 28
PID 672 wrote to memory of 580 | 672 | DW20.EXE | 28
PID 672 wrote to memory of 580 | 672 | DW20.EXE | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\AccessDatabaseEngine_X64.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\AccessDatabaseEngine_X64.exe"
   PID: 1460
   - Drops file in Program Files directory
   - Suspicious use of WriteProcessMemory
   2. C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE
      Command line: C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE -d C:\Users\Admin\AppData\Local\Temp\DWM6C3B.tmp
      PID: 672
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\dwwin.exe
         Command line: C:\Windows\system32\dwwin.exe -d C:\Users\Admin\AppData\Local\Temp\DWM6C3B.tmp
         PID: 580
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1KB
MD5: 6fc4160810848891e679429e9e4320db
SHA1: 3b354e19f791c9763cfe6d99cbab8ae218470c23
SHA256: 5bd48beb577ba3dd9c4ee3f92c0e0a1a16ee1f857f90f1df2c5242d80583ab25
SHA512: e504861822fd97a43196ed3b385d303312354d20918057dc51114065a835a047031dc99a8da9375cb8bab635a864cd55e68335d73da91bf50620a43e1638e576