a526f204a7f1418ffcda5aa159555dcb09f298299c736edce489089be497cae9

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 18:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

minorbluesscales.exe
Size

1.8MB
MD5

29a7b83e76a25365dc2b4d3aade0ad06
SHA1

a95d236c7502ae0cf9d4395d916ba5786f5a4199
SHA256

f80ec1f84039b4e93216ea96b34d7c06defe66d82b5ada8f3aacc8808d6e49cd
SHA512

b1c9aa7df0657a1aa6b34784d33ab34e97df8836ff5b5f10dd48af34667314317fb098f830b60d0ad8bd7e3471ac05ab938a45902e8285923f5a90a52c4ab619
SSDEEP

24576:jRS53NODMN2I6ukgJmcbEcKaDQ0HdeqhRHdOY4:jRS534DMhEgJmcbEc/DcwxMY4

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	minorbluesscales.exe
File created	C:\Windows\a3kebook.ini	minorbluesscales.exe
File opened for modification	C:\Windows\akebook.ini	minorbluesscales.exe
File created	C:\Windows\akebook.ini	minorbluesscales.exe
File opened for modification	C:\Windows\ANS2000.INI	minorbluesscales.exe
File opened for modification	C:\Windows\system.ini	minorbluesscales.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	minorbluesscales.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	minorbluesscales.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	minorbluesscales.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2232	minorbluesscales.exe
2232	minorbluesscales.exe
2232	minorbluesscales.exe
2232	minorbluesscales.exe

C:\Users\Admin\AppData\Local\Temp\minorbluesscales.exe
"C:\Users\Admin\AppData\Local\Temp\minorbluesscales.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\87946-111026-011541-65.a2k\index.html

Filesize
3KB

MD5
340c54c58ea4110f58558cb9ed76e20c

SHA1
479470a39d0131fd9b721c0fa91677623cba69ed

SHA256
7ca804b6204e9e35533b273937a2487f63f8ff84a628d91d80e42667c4d22aa4

SHA512
9b4b4b4ee94472d392aee95eefeb953e08d74bdbaa34f44cc2c7a14710215f84812b836363a0099cac54d5b9e191cdb22cbdb7fe792c85c7ed4bb1c64ceb0316

Download Submit
C:\Windows\system.ini

Filesize
276B

MD5
3616fc1b75289c592d54778b656e3cd3

SHA1
6bb7fc59d103338ba159e7436a019ad221d458d0

SHA256
9bf37661457841a2c228eba3df84f5ab8c778148165ba4446d915d9a6cc1a7b6

SHA512
2975abc8660d049726138dd51dafd167219eda05bdcd986b0cc0b512e14bb9262fb875677778ad05a1b8aa807ef35a106854cf2fd2c609fd91087e30cb7f6e18

Download Submit
C:\Windows\win.ini

Filesize
569B

MD5
fb1eaafe1c01291b800545c958f7ef58

SHA1
baff7e89df4c9ad792518d2b68d9b1ac3fdff61d

SHA256
72098c70b03068ddc950527b38a7df4d75b6b6e952418e18d53b9901f66dc6eb

SHA512
68ec323204e664f2d092b54bbdaf4cacc477030626ec54d8c7a43142e8913746d02f94a6040beafeb3dc9de2e87f5809ab678ab082cca95035d8c90168be4d00

Download Submit