Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-01-2024 04:26
Behavioral task behavioral1
Sample: 4d54a66058ea3a0431ebb452b153f1ef.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 4d54a66058ea3a0431ebb452b153f1ef.exe
Resource: win10v2004-20231215-en
General
Target: 4d54a66058ea3a0431ebb452b153f1ef.exe
Size: 139KB
MD5: 4d54a66058ea3a0431ebb452b153f1ef
SHA1: ad84dd360a54cddf3c193b107a77036590698a95
SHA256: cee058c4c7585c0c68a5c539d8dd048444721f3d0d02e9bce6077dd7c226c1c8
SHA512: d01a4eaf5c22e1ac2525d82e30c12cc79174a2f3f04a5c39de41d29897fea51cb0b5eac48e70f4d900af1716dc347c1dfc9d4610c976a5e8f960355a6f0e6131
SSDEEP: 3072:mxWqPmyFTG1UH55L+37rrgiYP/oX7DotGLhDYxWn:mxWizFTGyH6X8e7zhsxW
Malware Config
Signatures
Modifies WinLogon for persistence (2 TTPs, 3 IoCs)
Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\InetAccelerator.exe,"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe,C:\\Windows\\system32\\InetAccelerator.exe,"
- Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe,Explorer.exe,"
Both HKLM writes overwrite the stock Userinit value (C:\Windows\system32\userinit.exe,) instead of appending to it, and they land under WOW6432Node, the 32-bit view of the key, because the sample runs as a 32-bit process. The per-user Shell value keeps Explorer.exe but prepends the dropped copy in %APPDATA%, so it is launched before the desktop shell at every logon of that user.
UPX packed file (YARA rule upx, 3 IoCs)
- behavioral2/memory/1008-0-0x0000000000400000-0x000000000045E000-memory.dmp: upx
- C:\Users\Admin\AppData\Roaming\InetAccelerator\InetAccelerator.exe: upx
- behavioral2/memory/1008-11-0x0000000000400000-0x000000000045E000-memory.dmp: upx
Adds Run key to start application (2 TTPs, 3 IoCs)
Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\InetAccelerator = "C:\\Windows\\system32\\InetAccelerator.exe"
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\InetAccelerator. = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe" (note the trailing dot: a second, distinct value name)
- Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InetAccelerator = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe"
Three copies are registered: one in the system directory, one in ProgramData and one in the user's roaming AppData, so the per-user entry survives even if the sample never had administrative rights.
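As an added triage example (not part of the sandbox report and not code from the sample), the following Python applies the two detection rules the Winlogon and Run signatures above imply to constructed copies of the report's own Set value lines: a Winlogon Userinit or Shell value containing anything other than the Windows defaults (C:\Windows\system32\userinit.exe, and explorer.exe), and a Run value that launches from a user-writable directory or, from a 32-bit writer, names a system32 path. The line format, the default allow-list, the user-writable path fragments and the benign control line are assumptions of the example.

```python
"""Triage helper for sandbox 'Set value' registry events.

Flags two persistence techniques: Winlogon Userinit/Shell values that
deviate from their Windows defaults, and Run values launching from
user-writable directories.  Example code written for this page, not
sandbox output or sample code.
"""
import re
from dataclasses import dataclass

# Stock Winlogon values (lower-cased).  Anything else in the comma-separated
# list is an injected autostart; a list with no stock entry means the
# default was overwritten rather than extended.
WINLOGON_DEFAULTS = {
    "userinit": {"c:\\windows\\system32\\userinit.exe"},
    "shell": {"explorer.exe"},
}
# Path fragments (lower-cased) a standard user can write to (assumed list).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")

# Assumed line shape: Set value (str) \REGISTRY\...\Name = "value" writer.exe
EVENT_RE = re.compile(r'^Set value \((\w+)\) (\\REGISTRY\\.+?) = "(.*)" (\S+)$')


@dataclass
class Finding:
    technique: str   # "winlogon" or "run"
    key: str         # full registry path of the value
    process: str     # writing process
    detail: str
    wow64: bool      # written under WOW6432Node, i.e. by a 32-bit process on x64


def parse_event(line):
    """Return (key, value, process) for a string 'Set value' line, else None."""
    m = EVENT_RE.match(line.strip())
    if not m or m.group(1) != "str":
        return None
    key, raw_value, process = m.group(2), m.group(3), m.group(4)
    # The sandbox prints backslashes in values doubled; collapse them.
    return key, raw_value.replace("\\\\", "\\"), process


def analyse(lines):
    findings = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        key, value, process = parsed
        parent, _, name = key.rpartition("\\")
        parent_l, name_l = parent.lower(), name.lower()
        wow64 = "\\wow6432node\\" in parent_l
        if parent_l.endswith("\\windows nt\\currentversion\\winlogon") and name_l in WINLOGON_DEFAULTS:
            entries = [e.strip().lower() for e in value.split(",") if e.strip()]
            extra = [e for e in entries if e not in WINLOGON_DEFAULTS[name_l]]
            if not extra and entries:
                continue  # stock value, nothing to report
            replaced = not any(e in WINLOGON_DEFAULTS[name_l] for e in entries)
            detail = ("default replaced by " if replaced else "extra entry ") + ", ".join(extra)
            findings.append(Finding("winlogon", key, process, detail, wow64))
        elif parent_l.endswith("\\windows\\currentversion\\run"):
            image = value.strip().strip('"').lower()
            if any(frag in image for frag in USER_WRITABLE):
                detail = "autostart from user-writable path " + value
            elif wow64 and "\\system32\\" in image:
                # A 32-bit writer's own file writes to system32 are redirected
                # to SysWOW64, so a 64-bit process will not find this file.
                detail = "32-bit writer naming a system32 path: " + value
            else:
                continue
            findings.append(Finding("run", key, process, detail, wow64))
    return findings


# Constructed input: the six IoCs from the report plus one benign control
# line (a stock Userinit write) that must not be flagged.
SAMPLE_EVENTS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\InetAccelerator.exe," 4d54a66058ea3a0431ebb452b153f1ef.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe,C:\\Windows\\system32\\InetAccelerator.exe," 4d54a66058ea3a0431ebb452b153f1ef.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe,Explorer.exe," 4d54a66058ea3a0431ebb452b153f1ef.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\InetAccelerator = "C:\\Windows\\system32\\InetAccelerator.exe" 4d54a66058ea3a0431ebb452b153f1ef.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\InetAccelerator. = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe" 4d54a66058ea3a0431ebb452b153f1ef.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InetAccelerator = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe" 4d54a66058ea3a0431ebb452b153f1ef.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," explorer.exe',
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.technique}] {'(WOW64) ' if f.wow64 else ''}{f.key}\n    {f.detail} <- {f.process}")
```

Run on the constructed events it reports six findings and stays silent on the control line; the two HKLM Userinit writes come back as "default replaced", which is the case worth escalating, since a machine whose Userinit no longer names userinit.exe depends on the malware to bring up the user session.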
Drops file in System32 directory (2 IoCs)
Process: 4d54a66058ea3a0431ebb452b153f1ef.exe
- File created C:\Windows\SysWOW64\InetAccelerator.exe
- File opened for modification C:\Windows\SysWOW64\InetAccelerator.exe
The sample is a 32-bit process (its HKLM writes appear under WOW6432Node), so its write to C:\Windows\system32\ was redirected by WOW64 to C:\Windows\SysWOW64\. The Winlogon and Run values that name C:\Windows\system32\InetAccelerator.exe therefore point at a location where only another 32-bit process would find the file; a 64-bit process resolving that path on this x64 host sees the real system32 directory, which holds no such file.
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (4 IoCs)
Process: 4d54a66058ea3a0431ebb452b153f1ef.exe (PID 1008), 4 occurrences
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Roaming\InetAccelerator\InetAccelerator.exe
Filesize: 139KB
MD5: 4d54a66058ea3a0431ebb452b153f1ef
SHA1: ad84dd360a54cddf3c193b107a77036590698a95
SHA256: cee058c4c7585c0c68a5c539d8dd048444721f3d0d02e9bce6077dd7c226c1c8
SHA512: d01a4eaf5c22e1ac2525d82e30c12cc79174a2f3f04a5c39de41d29897fea51cb0b5eac48e70f4d900af1716dc347c1dfc9d4610c976a5e8f960355a6f0e6131
All four hashes match the submitted sample: the dropped file is a byte-identical copy, so the same hash-based indicators cover both.
memory/1008-0-0x0000000000400000-0x000000000045E000-memory.dmp
Filesize: 376KB
memory/1008-11-0x0000000000400000-0x000000000045E000-memory.dmp
Filesize: 376KB