mafiaware666 | ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9

Analysis

max time kernel
96s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 11:12

Target

ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
Size

2.3MB
MD5

3b2d877b0316f3ec4b20b79fe664c6ce
SHA1

e004d6285d6921c788d6f5dc3ab02dc6bd9fe6d2
SHA256

ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9
SHA512

b4af15ee358c0e89c45cb70d3f867a5d455381fcff720411d2165cb7abd6cc43ef4f4c44ac779cc9790b35db543e8eaf60e81899b6bccb264dcc0397073882de
SSDEEP

49152:JxrztpiklXTvvObVGrhmLql8a/LEmvUGw:ucvvOe4gq

Score

10^/10

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
behavioral1/memory/1368-54-0x0000000000D20000-0x0000000000F68000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666

Modifies extensions of user files 10 IoCs

Ransomware generally changes the extension on encrypted files.

description	ioc	Process
File created	C:\Users\Admin\Pictures\ExitOut.raw.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\InstallTrace.tif.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\NewEnable.png.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Pictures\ResetDismount.tiff	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\PingBlock.png.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\RenameClear.tif.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\ResetDismount.tiff.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\SwitchBlock.tif.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\UseLimit.tiff.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Pictures\UseLimit.tiff	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe

memory/1368-54-0x0000000000D20000-0x0000000000F68000-memory.dmp

Filesize
2.3MB

Download
memory/1368-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download
memory/1368-56-0x0000000004BA5000-0x0000000004BB6000-memory.dmp

Filesize
68KB

Download
memory/1368-57-0x0000000004BA5000-0x0000000004BB6000-memory.dmp

Filesize
68KB

Download