analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

c586f30

Full analysis: https://app.any.run/tasks/8242450d-0ea9-40ce-b516-e38d7fd9b228
Verdict: Malicious activity
Analysis date: July 17, 2019, 08:45:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-msaccess
File info: Microsoft Access Database
MD5:

3A702EFF51C07FCA23ACA8DD2F6D10EC

SHA1:

2FA5CE680BFE182C07BF3320479BC272B3D3205E

SHA256:

C586F306880E9EE26997057B0FC430B0D330C59E24AE45B91F3C6A0D885937E7

SSDEEP:

12288:unFabEY24Nun3poypgF+5qrfwHBh0cwq0t7e7/cqXQA/zylO/:UwbEYa3poS3/0cwa7/cc1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • cym_16001380430BD84B24.exe (PID: 3460)
    • Unusual execution from Microsoft Office

      • MSACCESS.EXE (PID: 3444)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • MSACCESS.EXE (PID: 3444)
    • Creates files in the user directory

      • MSACCESS.EXE (PID: 3444)
  • INFO

    • Reads Microsoft Office registry keys

      • MSACCESS.EXE (PID: 3444)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.mdb | Microsoft Jet DB (90.9)
.pi2 | DEGAS med-res bitmap (9)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start msaccess.exe cym_16001380430bd84b24.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3444"C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE" /NOSTARTUP "C:\Users\admin\Desktop\c586f30.mdb" %2 %3 %4 %5 %6 %7 %8 %9C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Access
Version:
14.0.6024.1000
3460"C:\Users\admin\AppData\Local\Temp\cym_16001380430BD84B24.exe" C:\Users\admin\AppData\Local\Temp\cym_16001380430BD84B24.exeMSACCESS.EXE
User:
admin
Integrity Level:
MEDIUM
Total events
694
Read events
662
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
0
Text files
0
Unknown types
1

Dropped files

PID
Process
Filename
Type
3444MSACCESS.EXEC:\Users\admin\AppData\Local\Temp\CVRD253.tmp.cvr
MD5:
SHA256:
3444MSACCESS.EXEC:\Users\admin\AppData\Roaming\Microsoft\Access\System.mdwmdw
MD5:FE5A91F3DBBAA3AE36006B404926DA1A
SHA256:5BA245EDD8E5E3750C8AA3C4EAE7E318766867176B8E992C3277FA47DD7FCC10
3444MSACCESS.EXEC:\Users\admin\AppData\Local\Temp\cym_16001380430BD84B24.exeexecutable
MD5:E7BC3273C63BEE1F850A97C2F5809CEA
SHA256:CCDABC0D58E69AF33D39F01DBD8A1737F9AE0F8CC293603C53401373653B123A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
MSACCESS.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Access\System.mdw