34c675da00327758dfb7eabf559b5adf88226b81f78635f9cf2d0b6a22f6b420

Analysis

max time kernel
0s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

427b40da65db461a9fc22e9fbdb550df.exe
Size

123KB
MD5

427b40da65db461a9fc22e9fbdb550df
SHA1

8a9ba542aebde5ae97415822fc60eca3de5512a6
SHA256

34c675da00327758dfb7eabf559b5adf88226b81f78635f9cf2d0b6a22f6b420
SHA512

10dccc6b05c928da121abfc7dd69bf72bc20e4a300e9e2b715a6d3fef605d44b174f4a485627ed683b95467c3177537f17950c1c5c36de6bf462da04e92fc0bf
SSDEEP

3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLsxzLF:OVYrJrOSsRwcpipLF

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3136	iaccess32.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1460-0-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral2/files/0x000400000001e630-6.dat	upx
behavioral2/memory/1460-5-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral2/memory/3136-4-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral2/memory/4668-28-0x0000000010000000-0x0000000010047000-memory.dmp	upx
behavioral2/files/0x000400000001e630-3.dat	upx
behavioral2/memory/3136-58-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\iaccess32.exe	427b40da65db461a9fc22e9fbdb550df.exe
File created	C:\Windows\tmlpcert2007	iaccess32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs regedit.exe 1 IoCs

pid	Process
3300	regedit.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1460	427b40da65db461a9fc22e9fbdb550df.exe
3136	iaccess32.exe
3136	iaccess32.exe
3136	iaccess32.exe
3136	iaccess32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 3136	1460	427b40da65db461a9fc22e9fbdb550df.exe	22
PID 1460 wrote to memory of 3136	1460	427b40da65db461a9fc22e9fbdb550df.exe	22
PID 1460 wrote to memory of 3136	1460	427b40da65db461a9fc22e9fbdb550df.exe	22

C:\Users\Admin\AppData\Local\Temp\427b40da65db461a9fc22e9fbdb550df.exe
"C:\Users\Admin\AppData\Local\Temp\427b40da65db461a9fc22e9fbdb550df.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\iaccess32.exe
  C:\Windows\iaccess32.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:3136

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe" /s C:\Windows\tmlpcert2007
1⤵
- Runs regedit.exe
PID:3300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2688

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Windows\system32\egaccess4_1071.dll"
1⤵
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\iaccess32.exe

Filesize
123KB

MD5
0f642da8cf852730a9d76040b8c16dcc

SHA1
b7aa5224fe20a5a399e955baeac652bb15eac03f

SHA256
78cfb4bbb4008b4a02bfcde1d63595cf3932ff933864744c819faeba507ff0ed

SHA512
ecedf9b3d9d0d02ba21c0457844638038695f8cb908961c297bfc7e086553034a76cd03b748037fc7ad819c55641d42ed1e5b745f03553fd4438a8c2387ff20f

Download Submit
C:\Windows\iaccess32.exe

Filesize
92KB

MD5
82d83d4e6dfcf2608cad8e98f94f8c52

SHA1
a7eb8b5a73502c3caa521206699dd2ad57599d45

SHA256
80211392d91228323fb4cdfe384708629ac2a1c3e80760cb99b4115a9aa61fc5

SHA512
1c83e4dd92c0297e9372d7d750a64c3a486ecb0297ae0318c6cdb4da71db953e4180da3837768314c7c36cf2407c031f953ce09a62bff2ca0985fec9d8e88aa4

Download Submit
memory/1460-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1460-5-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3136-4-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3136-58-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4668-28-0x0000000010000000-0x0000000010047000-memory.dmp

Filesize
284KB

Download