Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/08/2023, 15:24

General

  • Target

    ad80e06eb653195c9200caaf0e8a23dc_mafia_nionspy_JC.exe

  • Size

    327KB

  • MD5

    ad80e06eb653195c9200caaf0e8a23dc

  • SHA1

    3ccb6eeb927e6e195ff7c66642d208c84604c62b

  • SHA256

    76e1cc15f9690c188b01bcf6aaa8efc26074dbbe234ebc1ecbd3cd859a52a0c7

  • SHA512

    0ec2f081e7819fb80c27c8e80564bb4c80bdb327324a7c296b817e22ea035627328adb4a2a6eaf2bd53a07a274b669a67117c6575903a8d2f22c0998423687a7

  • SSDEEP

    6144:92+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:92TFafJiHCWBWPMjVWrXK0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (30 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad80e06eb653195c9200caaf0e8a23dc_mafia_nionspy_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\ad80e06eb653195c9200caaf0e8a23dc_mafia_nionspy_JC.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1120
      • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe"
        3⤵
        • Executes dropped EXE
        PID:3696
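The process tree above is a three-stage chain: the sample in Temp drops csrssys.exe into %AppData%\Roaming\Microsoft\SView\, starts it with its own path as a /START argument, and that instance spawns a second copy of itself. The name imitates the genuine csrss.exe (Client/Server Runtime Subsystem), which only ever runs from System32. The script below is an added example, not part of the sandbox report: it turns those traits into detection logic and runs it over constructed Sysmon-style process-creation lines that mirror the tree. The explorer.exe parent of the dropper, the benign csrss.exe control event, and the `Key=Value|Key=Value` line format are assumptions of the example; the paths, PIDs and the dropped file's SHA256 come from this report.

```python
"""Flag the drop-and-relaunch chain from the Processes section in
Sysmon-style process-creation events.

Added example, not part of the sandbox report. The log lines are constructed
to mirror the report's process tree; the explorer.exe parent, the benign
csrss.exe event and the "Key=Value|Key=Value" line format are assumed. Field
names follow Sysmon Event ID 1.
"""
import ntpath
import re

# SHA256 of the dropped csrssys.exe, as listed under Downloads in the report.
DROPPED_SHA256 = "de5bfa9ab2564d8cebc49ce0d0929d89afa59e68747180a5b49a4cbbf314de2a"

# Names of real Windows binaries plus up to three extra characters, so that
# csrssys.exe is caught as an imitation of csrss.exe. The genuine binaries only
# run from a system directory, so a match anywhere else is suspect.
LOOKALIKE = re.compile(r"^(csrss|svchost|lsass|winlogon|services)\w{0,3}\.exe$", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.I)

# Constructed events. PIDs 2904, 1120 and 3696 and their paths are taken from
# the report; PID 1000 (explorer.exe), PID 512 (genuine csrss.exe) and the
# all-zero hash are assumed for the example.
SAMPLE_LOG = r"""
ProcessId=2904|ParentProcessId=1000|Image=C:\Users\Admin\AppData\Local\Temp\ad80e06eb653195c9200caaf0e8a23dc_mafia_nionspy_JC.exe|ParentImage=C:\Windows\explorer.exe|CommandLine="C:\Users\Admin\AppData\Local\Temp\ad80e06eb653195c9200caaf0e8a23dc_mafia_nionspy_JC.exe"|Hashes=SHA256=76e1cc15f9690c188b01bcf6aaa8efc26074dbbe234ebc1ecbd3cd859a52a0c7
ProcessId=1120|ParentProcessId=2904|Image=C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe|ParentImage=C:\Users\Admin\AppData\Local\Temp\ad80e06eb653195c9200caaf0e8a23dc_mafia_nionspy_JC.exe|CommandLine="C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe"|Hashes=SHA256=de5bfa9ab2564d8cebc49ce0d0929d89afa59e68747180a5b49a4cbbf314de2a
ProcessId=3696|ParentProcessId=1120|Image=C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe|ParentImage=C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe|CommandLine="C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe"|Hashes=SHA256=de5bfa9ab2564d8cebc49ce0d0929d89afa59e68747180a5b49a4cbbf314de2a
ProcessId=512|ParentProcessId=480|Image=C:\Windows\System32\csrss.exe|ParentImage=C:\Windows\System32\smss.exe|CommandLine=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows|Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000
"""


def parse_events(text):
    """Parse the constructed log format into one dict per process-creation event."""
    events = []
    for line in text.strip().splitlines():
        ev = dict(field.split("=", 1) for field in line.split("|"))
        ev["ProcessId"] = int(ev["ProcessId"])
        ev["ParentProcessId"] = int(ev["ParentProcessId"])
        events.append(ev)
    return events


def sha256_of(ev):
    """Pull SHA256 out of a Sysmon-style 'ALG=hex,ALG=hex' Hashes field."""
    hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
    return hashes.get("SHA256", "").lower()


def score_event(ev):
    """Return the suspicious traits of one event; an empty list means nothing seen."""
    image, parent, cmd = ev["Image"], ev["ParentImage"], ev["CommandLine"]
    name = ntpath.basename(image)
    findings = []
    if LOOKALIKE.match(name) and not image.lower().startswith(SYSTEM_DIRS):
        findings.append(f"{name} imitates a system binary but runs outside a system directory")
    if USER_WRITABLE.match(image) and "\\temp\\" in parent.lower():
        findings.append("binary under AppData launched by an executable in a Temp directory")
    if cmd.lower().count(image.lower()) >= 2:
        findings.append("passes its own path as a command-line argument (relaunch pattern)")
    if image.lower() == parent.lower():
        findings.append("spawned by another instance of itself")
    if sha256_of(ev) == DROPPED_SHA256:
        findings.append("SHA256 matches the dropped csrssys.exe from the report")
    return findings


def find_chains(events):
    """Group flagged events into parent->child chains of PIDs, earliest first.

    The immediate parent of each chain root is prepended when it appears in
    the log: in this report that is the dropper in Temp, which on its own shows
    none of the traits above and would otherwise be missed.
    """
    by_pid = {ev["ProcessId"]: ev for ev in events}
    flagged = {pid for pid, ev in by_pid.items() if score_event(ev)}
    chains = []
    for pid in sorted(flagged):
        if by_pid[pid]["ParentProcessId"] in flagged:
            continue  # not a root; it is reached from its parent
        chain = [pid]
        while True:
            kids = sorted(c for c in flagged if by_pid[c]["ParentProcessId"] == chain[-1])
            if not kids:
                break
            chain.append(kids[0])  # one flagged child per level, as in this tree
        launcher = by_pid[pid]["ParentProcessId"]
        if launcher in by_pid:
            chain.insert(0, launcher)
        chains.append(chain)
    return chains


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ev in evs:
        for finding in score_event(ev):
            print(f"PID {ev['ProcessId']}: {finding}")
    print("chains:", find_chains(evs))
```

Run against the constructed lines, the genuine csrss.exe and the dropper itself produce no findings on their own, PID 1120 trips four traits and PID 3696 three, and the chain reconstruction links the dropper in Temp to both csrssys.exe instances by PID. The lookalike and self-relaunch traits generalise beyond this sample; the SHA256 match is specific to the file listed under Downloads and is the first thing to rotate when a variant appears.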

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe

    Filesize

    327KB

    MD5

    b933dedafd831dc4f37d8da4be4b2c65

    SHA1

    7ce0153d96023db11f10d6f7a19f723e49467c00

    SHA256

    de5bfa9ab2564d8cebc49ce0d0929d89afa59e68747180a5b49a4cbbf314de2a

    SHA512

    0d6510f99bf9042df7c718419171b036d6828a6f18c64229e2e7f0741de9036cbeff90675f27f40fc7992cffdf250f0e023e14d47dba636858327fb66cdfc911
