Analysis
- max time kernel: 151s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 09-01-2024 04:26
Behavioral task: behavioral1
- Sample: 4d54a66058ea3a0431ebb452b153f1ef.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 4d54a66058ea3a0431ebb452b153f1ef.exe
- Resource: win10v2004-20231215-en
General
- Target: 4d54a66058ea3a0431ebb452b153f1ef.exe
- Size: 139KB
- MD5: 4d54a66058ea3a0431ebb452b153f1ef
- SHA1: ad84dd360a54cddf3c193b107a77036590698a95
- SHA256: cee058c4c7585c0c68a5c539d8dd048444721f3d0d02e9bce6077dd7c226c1c8
- SHA512: d01a4eaf5c22e1ac2525d82e30c12cc79174a2f3f04a5c39de41d29897fea51cb0b5eac48e70f4d900af1716dc347c1dfc9d4610c976a5e8f960355a6f0e6131
- SSDEEP: 3072:mxWqPmyFTG1UH55L+37rrgiYP/oX7DotGLhDYxWn:mxWizFTGyH6X8e7zhsxW
Malware Config
Signatures
- Modifies WinLogon for persistence (2 TTPs, 2 IoCs)
  Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe,userinit.exe,"
  - Set value (str): \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe,Explorer.exe,"
- YARA rule matches (rule: upx)
  - behavioral1/memory/2112-0-0x0000000000400000-0x000000000045E000-memory.dmp: upx
  - C:\Users\Admin\AppData\Roaming\InetAccelerator\InetAccelerator.exe: upx
  - behavioral1/memory/2112-49-0x0000000000400000-0x000000000045E000-memory.dmp: upx
  - behavioral1/memory/2112-107-0x0000000000400000-0x000000000045E000-memory.dmp: upx
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InetAccelerator. = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe"
  - Set value (str): \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\InetAccelerator = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe"
- Drops file in System32 directory (2 IoCs)
  Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
  - File created: C:\Windows\System32\InetAccelerator.exe
  - File opened for modification: C:\Windows\System32\InetAccelerator.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings (1 IoC)
  Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
  - Key created: \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Process: pid 2112, 4d54a66058ea3a0431ebb452b153f1ef.exe (all 64 entries are this same process)
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Process: pid 2112, 4d54a66058ea3a0431ebb452b153f1ef.exe (all 4 entries are this same process)
Processes
- C:\Users\Admin\AppData\Local\Temp\4d54a66058ea3a0431ebb452b153f1ef.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4d54a66058ea3a0431ebb452b153f1ef.exe"
  - Modifies WinLogon for persistence
  - Adds Run key to start application
  - Drops file in System32 directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Roaming\InetAccelerator\InetAccelerator.exe (same hashes as the submitted sample)
  - Filesize: 139KB
  - MD5: 4d54a66058ea3a0431ebb452b153f1ef
  - SHA1: ad84dd360a54cddf3c193b107a77036590698a95
  - SHA256: cee058c4c7585c0c68a5c539d8dd048444721f3d0d02e9bce6077dd7c226c1c8
  - SHA512: d01a4eaf5c22e1ac2525d82e30c12cc79174a2f3f04a5c39de41d29897fea51cb0b5eac48e70f4d900af1716dc347c1dfc9d4610c976a5e8f960355a6f0e6131
- memory/2112-0-0x0000000000400000-0x000000000045E000-memory.dmp
  - Filesize: 376KB
- memory/2112-49-0x0000000000400000-0x000000000045E000-memory.dmp
  - Filesize: 376KB
- memory/2112-107-0x0000000000400000-0x000000000045E000-memory.dmp
  - Filesize: 376KB