2ebb03a90db6094ac68e675cfd1cbfb3e64b20736788b4d0091571affb108707

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

majorbluesscales.exe
Size

1.6MB
MD5

89f5a86b645076bdbf61890f0158161b
SHA1

bfc71f839e1fd3372ed9c040ec28a76b04ace870
SHA256

755f3c6bb6c9acf3b2a53e99976a0cd1f7092c313c56a79a1b3c15e66315d60c
SHA512

ed5931feac32333298b73bcb9f65a2c0b27a97c665da3cf462b1a27864ccbc20e66fc3a3dfa224c9af349d913ea6000b8914b5b2c246bebba29c01878cc6feff
SSDEEP

24576:jRS53NODMN3II53p8HvaIgAmJtPlTfxTUFfCxZeR:jRS534DMms3maIgrtPlTfuFBR

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	majorbluesscales.exe
File created	C:\Windows\a3kebook.ini	majorbluesscales.exe
File opened for modification	C:\Windows\akebook.ini	majorbluesscales.exe
File created	C:\Windows\akebook.ini	majorbluesscales.exe
File opened for modification	C:\Windows\ANS2000.INI	majorbluesscales.exe
File opened for modification	C:\Windows\system.ini	majorbluesscales.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	majorbluesscales.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	majorbluesscales.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	majorbluesscales.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2804	majorbluesscales.exe
2804	majorbluesscales.exe
2804	majorbluesscales.exe
2804	majorbluesscales.exe

C:\Users\Admin\AppData\Local\Temp\majorbluesscales.exe
"C:\Users\Admin\AppData\Local\Temp\majorbluesscales.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\87946-111026-011617-65.a2k\index.html

Filesize
3KB

MD5
a6cc4301c959fa080900e93f32a9add9

SHA1
2da5b7fcbb566a4b7726756641c60db5ec47493f

SHA256
87eb14dc156706298cffc711b98d8f00b818c1433bbeeb263d13b7d8dea34d3e

SHA512
0e60f81713aacb85758f1dc547f5c9a7e816908d6e3ae1a13910de2bec5cabd36f660535a626b20df9754d4a167c3780f9f1c898d82f1f5d4c12eac750e152e1

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
33c1a54ad5baf8a2074c739038e91952

SHA1
8b2ad2cbaad0035707071e105223bba8f7198f8b

SHA256
3ccb00a3d5058fc197cfc94ae65a88c10919e48fa677e232244642367be18ed0

SHA512
5a0541d40a38ada1244dcda3db9c1850ceb0eb95961bb70484201e5d8eb3b3da97f4dcb8a9fb6b01ff08125d137c4accfe918bd9a80f58fe9ec3249516b61134

Download Submit
C:\Windows\win.ini

Filesize
569B

MD5
c5093a4085ee2f14a15fbfdc288ec0c4

SHA1
a35c3a1dec6e4a6481d5158415e5778c3d423853

SHA256
aab8a37ec2a877d4d0cf4c9c070fc398b49f0722b1a1f401c885435334f7664a

SHA512
a4f996874462f491c027e466e9832cf8aa028122a370dc4cd7964cfea33312afd80e0d6f2ea06634c6018df85adaa105ff87ddffa90aa22eeb14d9424f42a197

Download Submit