a526f204a7f1418ffcda5aa159555dcb09f298299c736edce489089be497cae9

Analysis

max time kernel
79s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 18:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

minorbluesscales.exe
Size

1.8MB
MD5

29a7b83e76a25365dc2b4d3aade0ad06
SHA1

a95d236c7502ae0cf9d4395d916ba5786f5a4199
SHA256

f80ec1f84039b4e93216ea96b34d7c06defe66d82b5ada8f3aacc8808d6e49cd
SHA512

b1c9aa7df0657a1aa6b34784d33ab34e97df8836ff5b5f10dd48af34667314317fb098f830b60d0ad8bd7e3471ac05ab938a45902e8285923f5a90a52c4ab619
SSDEEP

24576:jRS53NODMN2I6ukgJmcbEcKaDQ0HdeqhRHdOY4:jRS534DMhEgJmcbEc/DcwxMY4

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\a3kebook.ini	minorbluesscales.exe
File opened for modification	C:\Windows\akebook.ini	minorbluesscales.exe
File created	C:\Windows\akebook.ini	minorbluesscales.exe
File opened for modification	C:\Windows\ANS2000.INI	minorbluesscales.exe
File opened for modification	C:\Windows\system.ini	minorbluesscales.exe
File opened for modification	C:\Windows\win.ini	minorbluesscales.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\IESettingSync	minorbluesscales.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	minorbluesscales.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	minorbluesscales.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	minorbluesscales.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2252	minorbluesscales.exe
2252	minorbluesscales.exe
2252	minorbluesscales.exe
2252	minorbluesscales.exe

C:\Users\Admin\AppData\Local\Temp\minorbluesscales.exe
"C:\Users\Admin\AppData\Local\Temp\minorbluesscales.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\87946-111026-011541-65.a2k\index.html

Filesize
3KB

MD5
340c54c58ea4110f58558cb9ed76e20c

SHA1
479470a39d0131fd9b721c0fa91677623cba69ed

SHA256
7ca804b6204e9e35533b273937a2487f63f8ff84a628d91d80e42667c4d22aa4

SHA512
9b4b4b4ee94472d392aee95eefeb953e08d74bdbaa34f44cc2c7a14710215f84812b836363a0099cac54d5b9e191cdb22cbdb7fe792c85c7ed4bb1c64ceb0316

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
e8f605bef48ae2a7a5cdd579d4d82a15

SHA1
9577bd33817440ee88913740adaf6efef2869240

SHA256
54176c808b9deabd9fbe13d49c8fdfa9cf3cc875e423f7041493d6429dbb64ce

SHA512
cb37fd2c6c462b818cad72d1f978c321d970e1df052ddb41101efc558a2054b146b0b30cfb1675a9aef81d2ed3d82d1ff1361c70565552862648cf8a583d3cd2

Download Submit
C:\Windows\win.ini

Filesize
183B

MD5
9b0049f3d57fa0f5b98060e0a74e10e7

SHA1
876050a5fe319806d493ef7de4886574fb4c8300

SHA256
9e67ecd456b8ea09261952e5cf264385561be46d021952b6d567c4e75214fd2a

SHA512
6deabc3e70378edc8f0e2d7a13cfea807633281d5441368c27f56884447fe4dcbf6f2739fc9fe1222f0954dbb74179ab31ef7e51d0f095664fc571dc61309562

Download Submit