Analysis
- max time kernel: 150s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 28-01-2024 02:32
Behavioral task: behavioral1
- Sample: 7bea8b8826a210e63595f90dd2f02b1a.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 7bea8b8826a210e63595f90dd2f02b1a.exe
- Resource: win10v2004-20231215-en
General
- Target: 7bea8b8826a210e63595f90dd2f02b1a.exe
- Size: 139KB
- MD5: 7bea8b8826a210e63595f90dd2f02b1a
- SHA1: 7282afb77e54b750cdf4028f2bc3d9919cd4907a
- SHA256: e089bff514be911e3abcd9c45d35193e91d12b521381a48d6408b2f8359a7d14
- SHA512: 0e24e1f918fc80b10b1cf7a84b0c0d23c6228c08a1122aa15ec59175f4ac8422cfef5fd2b7153e9df34f89b9f5777936fa5e3bd6745efabe1cd35d5156ddc0ef
- SSDEEP: 3072:bxWqPmyFTG1UH55L+37rrgiYP/oX7DotGL2DjxWn:bxWizFTGyH6X8e7z2fxW
Malware Config
Signatures
Modifies WinLogon for persistence (2 TTPs, 2 IoCs)
Processes (description | ioc | process):
- Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe,userinit.exe," | 7bea8b8826a210e63595f90dd2f02b1a.exe
- Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe,Explorer.exe," | 7bea8b8826a210e63595f90dd2f02b1a.exe
YARA matches (resource | yara_rule):
- behavioral1/memory/2268-0-0x0000000000400000-0x000000000045E000-memory.dmp | upx
- C:\Users\Admin\AppData\Roaming\InetAccelerator\InetAccelerator.exe | upx
- behavioral1/memory/2268-82-0x0000000000400000-0x000000000045E000-memory.dmp | upx
- behavioral1/memory/2268-854-0x0000000000400000-0x000000000045E000-memory.dmp | upx
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes (description | ioc | process):
- Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\InetAccelerator = "C:\\Users\\Admin\\AppData\\Roaming\\InetAccelerator\\InetAccelerator.exe" | 7bea8b8826a210e63595f90dd2f02b1a.exe
- Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InetAccelerator. = "C:\\ProgramData\\InetAccelerator\\InetAccelerator.exe" | 7bea8b8826a210e63595f90dd2f02b1a.exe
Drops file in System32 directory (2 IoCs)
Processes (description | ioc | process):
- File opened for modification | C:\Windows\System32\InetAccelerator.exe | 7bea8b8826a210e63595f90dd2f02b1a.exe
- File created | C:\Windows\System32\InetAccelerator.exe | 7bea8b8826a210e63595f90dd2f02b1a.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies Internet Explorer settings
Processes (description | ioc | process):
- Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | 7bea8b8826a210e63595f90dd2f02b1a.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes (pid | process), 64 identical entries:
- 2268 | 7bea8b8826a210e63595f90dd2f02b1a.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes (pid | process), 4 identical entries:
- 2268 | 7bea8b8826a210e63595f90dd2f02b1a.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\7bea8b8826a210e63595f90dd2f02b1a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7bea8b8826a210e63595f90dd2f02b1a.exe"
  - Modifies WinLogon for persistence
  - Adds Run key to start application
  - Drops file in System32 directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Roaming\InetAccelerator\InetAccelerator.exe
  Filesize: 139KB
  MD5: 7bea8b8826a210e63595f90dd2f02b1a
  SHA1: 7282afb77e54b750cdf4028f2bc3d9919cd4907a
  SHA256: e089bff514be911e3abcd9c45d35193e91d12b521381a48d6408b2f8359a7d14
  SHA512: 0e24e1f918fc80b10b1cf7a84b0c0d23c6228c08a1122aa15ec59175f4ac8422cfef5fd2b7153e9df34f89b9f5777936fa5e3bd6745efabe1cd35d5156ddc0ef
- memory/2268-0-0x0000000000400000-0x000000000045E000-memory.dmp
  Filesize: 376KB
- memory/2268-82-0x0000000000400000-0x000000000045E000-memory.dmp
  Filesize: 376KB
- memory/2268-854-0x0000000000400000-0x000000000045E000-memory.dmp
  Filesize: 376KB