c07cd03f19c84c065df380bd760bbfa8180429ea845837f12ea8a64f265e4358 | Triage

Submit
Reports

Overview

overview

Static

static

MrsMajor3.0.exe

windows10-2004-x64

Sharing

General

Target

MrsMajor3.0.exe
Size

22.1MB
Sample

220921-lwsjjagab4
MD5

41be05ddeba107c84bec48eaadb1b698
SHA1

e822d44f99418e1a4c97ead9d105277f1b0beeba
SHA256

c07cd03f19c84c065df380bd760bbfa8180429ea845837f12ea8a64f265e4358
SHA512

7a13a82de27d7d1eb9627a56c198166d724b5eb0e5b08545c7bc29838249323fd444916a5dbbd503c39a2db2aa2c598607278e8a129f99c984817e867a41f58b
SSDEEP

49152:3QEde0LgY0YPAb/ArM7WzgEhDpYNnCAGTtaha+OGA+dZDBlF26COKn1F/ufwTRra:3Qz+04D+i4DBz2NHlruSSDll

Score

10^/10

microsoft discovery evasion exploit persistence phishing ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

MrsMajor3.0.exe

Resource

win10v2004-20220812-en

microsoft discovery evasion exploit persistence phishing ransomware trojan

windows10-2004-x64

28 signatures

300 seconds

Malware Config

Targets

- Target
  
  MrsMajor3.0.exe
- Size
  
  22.1MB
- MD5
  
  41be05ddeba107c84bec48eaadb1b698
- SHA1
  
  e822d44f99418e1a4c97ead9d105277f1b0beeba
- SHA256
  
  c07cd03f19c84c065df380bd760bbfa8180429ea845837f12ea8a64f265e4358
- SHA512
  
  7a13a82de27d7d1eb9627a56c198166d724b5eb0e5b08545c7bc29838249323fd444916a5dbbd503c39a2db2aa2c598607278e8a129f99c984817e867a41f58b
- SSDEEP
  
  49152:3QEde0LgY0YPAb/ArM7WzgEhDpYNnCAGTtaha+OGA+dZDBlF26COKn1F/ufwTRra:3Qz+04D+i4DBz2NHlruSSDll
Score

10^/10

microsoft discovery evasion exploit persistence phishing ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

microsoftdiscoveryevasionexploitpersistencephishingransomwaretrojan

© 2018-2024

Terms | Privacy