mafiaware666 | be9ed7b1e2219fb64293248dc95d0de3e74c27daa26e5f7ef743c74b58ef950d

Resubmissions

12-04-2023 11:41

31-03-2023 17:39

max time kernel
96s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 17:39

Target

Ransomware.exe
Size

322KB
MD5

39f33d6842fa6495ccd7a41e8ddcb9b8
SHA1

61cd2b3e22e2e6e514d611d3154e001f7e9fd195
SHA256

416d2f821b7cb984859cfce43be981c5c9bc1489446ba41951c041d5801b65cb
SHA512

97e8b15b82b70efebbf5cbfbbd4ac4925a7300049f5866bf01b59396de43c633342b5bc2ed657aae573c9f77e2dd20fe67234110aef048c49a2af9c8bd45dc29
SSDEEP

3072:iMMFnguNpdYSkMXV2KMMEuWgY792XaY6UTuuAk2usbA+klAGPqhdp4efHxub8ehY:ideMXVeuWgY79OWpmq/yQxuAeS9Jb/

Score

10^/10

Detect MafiaWare666 ransomware 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1692-54-0x0000000000160000-0x00000000001B6000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

Processes:

Ransomware.exe

description	ioc	process
File created	C:\Users\Admin\Pictures\DisconnectSkip.crw.Locked	Ransomware.exe
File created	C:\Users\Admin\Pictures\ResolveApprove.tiff.Locked	Ransomware.exe
File opened for modification	C:\Users\Admin\Pictures\ResolveApprove.tiff	Ransomware.exe
File created	C:\Users\Admin\Pictures\ResolveUnblock.crw.Locked	Ransomware.exe

Drops desktop.ini file(s) 3 IoCs

Processes:

Ransomware.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Ransomware.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Ransomware.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Ransomware.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Ransomware.exe

memory/1692-54-0x0000000000160000-0x00000000001B6000-memory.dmp

Filesize
344KB

Download
memory/1692-55-0x0000000004270000-0x00000000042B0000-memory.dmp

Filesize
256KB

Download
memory/1692-56-0x0000000004270000-0x00000000042B0000-memory.dmp

Filesize
256KB

Download
memory/1692-83-0x0000000004270000-0x00000000042B0000-memory.dmp

Filesize
256KB

Download
memory/1692-87-0x0000000004270000-0x00000000042B0000-memory.dmp

Filesize
256KB

Download