Analysis
-
max time kernel
95s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-fr -
resource tags
arch:x64arch:x86image:win10v2004-20241007-frlocale:fr-fros:windows10-2004-x64systemwindows -
submitted
12-11-2024 09:25
Static task
static1
Behavioral task
behavioral1
Sample
AccessEnum.exe
Resource
win10v2004-20241007-fr
General
-
Target
AccessEnum.exe
-
Size
170KB
-
MD5
f4cd850fdab64ffbbcc249374ba17f5b
-
SHA1
90f1abcbf60e24a03407f049ccf67bc25a945ac5
-
SHA256
a4cc61f6c7ed716e4622e12b75f05ea17e79a45f0d8bd6855c340a30ec882b47
-
SHA512
42dac16b1bcfb9244364820ab4ae9e6de719c99e70024f1820b80a9eeb049d1c9d90d73fb1045f2459a05a2c5d5a01b265b70489207f88ca06418c768d0cf790
-
SSDEEP
1536:SNxHRK4LGVq5ZrmjZ4KWWdkmVnTA6uv5RwA9YlHaeX:SHs+5ZrmjZ4KXE2sA
Malware Config
Signatures
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
AccessEnum.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AccessEnum.exe -
Modifies registry class 2 IoCs
Processes:
AccessEnum.exedescription ioc Process Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ AccessEnum.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ AccessEnum.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
AccessEnum.exepid Process 1140 AccessEnum.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1