mafiaware666 | ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9

Analysis

max time kernel
154s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 11:12

Target

ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
Size

2.3MB
MD5

3b2d877b0316f3ec4b20b79fe664c6ce
SHA1

e004d6285d6921c788d6f5dc3ab02dc6bd9fe6d2
SHA256

ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9
SHA512

b4af15ee358c0e89c45cb70d3f867a5d455381fcff720411d2165cb7abd6cc43ef4f4c44ac779cc9790b35db543e8eaf60e81899b6bccb264dcc0397073882de
SSDEEP

49152:JxrztpiklXTvvObVGrhmLql8a/LEmvUGw:ucvvOe4gq

Score

10^/10

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
behavioral2/memory/4056-132-0x00000000004C0000-0x0000000000708000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666

Modifies extensions of user files 5 IoCs

Ransomware generally changes the extension on encrypted files.

description	ioc	Process
File created	C:\Users\Admin\Pictures\ProtectRedo.png.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\UnblockSet.tiff.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Pictures\UnblockSet.tiff	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\CompareEnable.png.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File created	C:\Users\Admin\Pictures\LockResize.raw.cyberone	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9.exe

memory/4056-132-0x00000000004C0000-0x0000000000708000-memory.dmp

Filesize
2.3MB

Download
memory/4056-133-0x00000000056D0000-0x0000000005C74000-memory.dmp

Filesize
5.6MB

Download
memory/4056-134-0x0000000005120000-0x00000000051B2000-memory.dmp

Filesize
584KB

Download
memory/4056-135-0x00000000050C0000-0x00000000050CA000-memory.dmp

Filesize
40KB

Download