a25229b51c9127ca714de760231d90cd55d9e648a2a802d3709d5ec358698729 | Triage

Analysis

max time kernel
27s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 12:08

Sharing

Report Analysis Logs

General

Target

AccessDatabaseEngine_X64.exe
Size

27.5MB
MD5

13f3ed8ce7deda44784fb5c1bc1c415b
SHA1

2c21446996ee85cb12b4c86247aed1958594c626
SHA256

a25229b51c9127ca714de760231d90cd55d9e648a2a802d3709d5ec358698729
SHA512

913ed0e30cf337cab25403a078daaefacf28e4aba468feb57efe501424ca107a73968ae3a1e3fb898de432d01b95a88e716c760853b92066b96d86352087fb27
SSDEEP

786432:7PV8Cvp1BAMGSDYkwjWxwDHyq6g/oiqUvdWX:bHPBAOyM2yq6WltdWX

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\MSECache\AceRedist\1041\AceRedist.msi	AccessDatabaseEngine_X64.exe
File created	C:\Program Files (x86)\MSECache\AceRedist\1041\Catalog\files14.cat	AccessDatabaseEngine_X64.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 1460 wrote to memory of 672	1460	AccessDatabaseEngine_X64.exe	27
PID 672 wrote to memory of 580	672	DW20.EXE	28
PID 672 wrote to memory of 580	672	DW20.EXE	28
PID 672 wrote to memory of 580	672	DW20.EXE	28
PID 672 wrote to memory of 580	672	DW20.EXE	28

C:\Users\Admin\AppData\Local\Temp\AccessDatabaseEngine_X64.exe
"C:\Users\Admin\AppData\Local\Temp\AccessDatabaseEngine_X64.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1460
- C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE
  C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE -d C:\Users\Admin\AppData\Local\Temp\DWM6C3B.tmp
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:672
- - C:\Windows\SysWOW64\dwwin.exe
    C:\Windows\system32\dwwin.exe -d C:\Users\Admin\AppData\Local\Temp\DWM6C3B.tmp
    3⤵
    PID:580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DWM6C3B.tmp

Filesize
1KB

MD5
6fc4160810848891e679429e9e4320db

SHA1
3b354e19f791c9763cfe6d99cbab8ae218470c23

SHA256
5bd48beb577ba3dd9c4ee3f92c0e0a1a16ee1f857f90f1df2c5242d80583ab25

SHA512
e504861822fd97a43196ed3b385d303312354d20918057dc51114065a835a047031dc99a8da9375cb8bab635a864cd55e68335d73da91bf50620a43e1638e576

Download Submit