Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
05-06-2024 11:40
Static task
static1
Behavioral task
behavioral1
Sample
MAJES-2020-185 SPEED MEASURING UNIT.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
MAJES-2020-185 SPEED MEASURING UNIT.exe
Resource
win10v2004-20240508-en
General
-
Target
MAJES-2020-185 SPEED MEASURING UNIT.exe
-
Size
1.1MB
-
MD5
048337b4fd894eb96343c3d76fce75c5
-
SHA1
70b2a489f79e4df38d25aebb3d5478b2c29e9afa
-
SHA256
37d021e4b73ef9c46d7e3252ddfa4e793675f15118a4f2476da6e9dffe7055ef
-
SHA512
f84cf4dbf0afb966f852f9606635caac2dda2ca1e980df6b42d61cdd6b612f62d0069c65f2d17abea551fb1288bea59cf97c9e140b072c42752f2887cbc5f490
-
SSDEEP
24576:OB+I7M+qnlzvXrSIoVp1AbxnPIGSbiojZbmdaA:OBt7M+qtiMnPNojZbmd
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions | MAJES-2020-185 SPEED MEASURING UNIT.exe
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools | MAJES-2020-185 SPEED MEASURING UNIT.exe
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | MAJES-2020-185 SPEED MEASURING UNIT.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | MAJES-2020-185 SPEED MEASURING UNIT.exe
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | MAJES-2020-185 SPEED MEASURING UNIT.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | MAJES-2020-185 SPEED MEASURING UNIT.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid | Process
2720 | schtasks.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe (listed 10 times)
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe
-
Suspicious use of WriteProcessMemory 24 IoCs
description | pid | Process | procid_target
PID 1568 wrote to memory of 2720 | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe | 31 (x4)
PID 1568 wrote to memory of 1776 | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe | 33 (x4)
PID 1568 wrote to memory of 2844 | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe | 34 (x4)
PID 1568 wrote to memory of 2168 | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe | 35 (x4)
PID 1568 wrote to memory of 2808 | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe | 36 (x4)
PID 1568 wrote to memory of 1532 | 1568 | MAJES-2020-185 SPEED MEASURING UNIT.exe | 37 (x4)
Processes
-
C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe" 1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1568 -
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QwWYJconqIwjAU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp906.tmp" 2⤵
- Creates scheduled task(s)
PID:2720
-
-
C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe" 2⤵
PID:1776
-
-
C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe" 2⤵
PID:2844
-
-
C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe" 2⤵
PID:2168
-
-
C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe" 2⤵
PID:2808
-
-
C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe
"C:\Users\Admin\AppData\Local\Temp\MAJES-2020-185 SPEED MEASURING UNIT.exe" 2⤵
PID:1532
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5
37ba679f207c8454c730d5887784c309
SHA1
af1c2056c8db23240751668c369401ffe6875161
SHA256
bdd8dc6d3749820541416adf70e2d3cd47a68dd4ef6e6ea578f0b092e7191a2b
SHA512
5387e1ce574160f22be14d87cb5ba0f60d25453473a66deeb26a91498e3f4b639743fbce7bd9968c06093624511ad324da649d2b637eb3fd7c87b90d45dced69