Overview

overview

7

Static

static

3

16aa90611f...JC.exe

windows7-x64

7

16aa90611f...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2023 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16aa90611f367f20eacd4f384e1254e7_mafia_nionspy_JC.exe

  • Size

    280KB

  • MD5

    16aa90611f367f20eacd4f384e1254e7

  • SHA1

    43e4e2be7e578ee8fcd6f55bf443d98b077039d9

  • SHA256

    5e9cc688437de2af468f2286704c73888ba3476be3fc2f829d41b6fb01f485d8

  • SHA512

    90e2bdabff65ebc7d6baaeee3a57afeb64a2dec8c2417622e5333b274ca3689cb1bd555546f7471341dbf25a6dc99ae058e5b978f084c17b1c8c02725a1e1410

  • SSDEEP

    6144:NTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:NTBPFV0RyWl3h2E+7pl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16aa90611f367f20eacd4f384e1254e7_mafia_nionspy_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\16aa90611f367f20eacd4f384e1254e7_mafia_nionspy_JC.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3772
      • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe"
        3⤵
        • Executes dropped EXE
        PID:5052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe
    Filesize

    280KB

    MD5

    a80d778931d945f8cf65537b8ff49b5b

    SHA1

    cd41a1db302b07527080f6d565c9edc2ef68ee76

    SHA256

    e61a683b7f0cbd2232b861446d0eb13f1b8ea57150e3e48a9af9acd177bfcda5

    SHA512

    3dd998d988a631a6e2c8ec273dc89ffad8591cecd3281c0294400d934b9d67574b675a01ee7920a8d446b42429c2db3e66f006292210a99ff706a9fbf74685c5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe
    Filesize

    280KB

    MD5

    a80d778931d945f8cf65537b8ff49b5b

    SHA1

    cd41a1db302b07527080f6d565c9edc2ef68ee76

    SHA256

    e61a683b7f0cbd2232b861446d0eb13f1b8ea57150e3e48a9af9acd177bfcda5

    SHA512

    3dd998d988a631a6e2c8ec273dc89ffad8591cecd3281c0294400d934b9d67574b675a01ee7920a8d446b42429c2db3e66f006292210a99ff706a9fbf74685c5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe
    Filesize

    280KB

    MD5

    a80d778931d945f8cf65537b8ff49b5b

    SHA1

    cd41a1db302b07527080f6d565c9edc2ef68ee76

    SHA256

    e61a683b7f0cbd2232b861446d0eb13f1b8ea57150e3e48a9af9acd177bfcda5

    SHA512

    3dd998d988a631a6e2c8ec273dc89ffad8591cecd3281c0294400d934b9d67574b675a01ee7920a8d446b42429c2db3e66f006292210a99ff706a9fbf74685c5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SysWOW_amd64\SearchIndexerDB.exe
    Filesize

    280KB

    MD5

    a80d778931d945f8cf65537b8ff49b5b

    SHA1

    cd41a1db302b07527080f6d565c9edc2ef68ee76

    SHA256

    e61a683b7f0cbd2232b861446d0eb13f1b8ea57150e3e48a9af9acd177bfcda5

    SHA512

    3dd998d988a631a6e2c8ec273dc89ffad8591cecd3281c0294400d934b9d67574b675a01ee7920a8d446b42429c2db3e66f006292210a99ff706a9fbf74685c5

    Download Submit