Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-03-2024 23:24

General

  • Target

    MicrosoftWindowsServicesEtc/Major.exe

  • Size

    60KB

  • MD5

    d604c29940864c64b4752d31e2deb465

  • SHA1

    c1698ea4e5d1ba1c9b78973556f97e8f6dbbdef3

  • SHA256

    da0233f5e5e9a34e8dd4f6911444ca1f3e29bb9cbd958a9f4508ac7d72ccd55d

  • SHA512

    89a4a14574ba19fe319c766add0111feeb4320c08bf75f55a898d9acc783d5a862a6433758a413cc719b9179dcf873f1c850d1084851b8fc37aa1e3deabfcf54

  • SSDEEP

    768:jfiNar/0i5A9lquoNvU4n7oDBXhVa+3Y/v2pPLo6Gyfu7q3YKdX3jj60dhfp0nQ/:4IxKWLvFn43bovQtu7qo43jjRDf4h/q

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\Major.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\Major.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\system32\wscript.exe
      "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\5B1C.vbs
      2⤵
        PID:2268

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\5B1C.vbs

      Filesize

      2KB

      MD5

      9192fd494155eab424110765c751559e

      SHA1

      b54fcc1e29617b3eee1c7bb215c048498881b641

      SHA256

      cbd3b0f294e8f11592a3ad80d1070d81746f806a48183b93c345251422ccbf0d

      SHA512

      b8c48916535f3721e7f47be6af671765c3befefcd407c6ea5fabcf9ada119747408d662f61fb436f98a7c33050b6674da54dddf25e683429204a96555ec6e801