1a8c216f793eda490ac1d41634fcc5fa02fc1d5774f59c7b89b2d88c9b989d40

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2023, 13:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_36c879046504f9e342e4d9c6e823f461_mafia_JC.exe
Size

2.1MB
MD5

36c879046504f9e342e4d9c6e823f461
SHA1

251662defa2171ac4b2bb572785e94710323d197
SHA256

1a8c216f793eda490ac1d41634fcc5fa02fc1d5774f59c7b89b2d88c9b989d40
SHA512

4fecfbdb27f99cb185958c6bfa007c4455b2e380880e703563c478c663f65f3f62e0351918064b107e5b723b2b33ab92ada2ffa15552f2942910b94b080142b2
SSDEEP

49152:Hyno1CD0ErFpUQGeKD+JoEnykAP+MC589u3mxRbxJKhwnV9yjn0uH1RFpt3DhcEx:SDQErFpUQGWJBykc+Nmu3mxRbxJKeojT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2732	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1376	2023-08-26_36c879046504f9e342e4d9c6e823f461_mafia_JC.exe
1376	2023-08-26_36c879046504f9e342e4d9c6e823f461_mafia_JC.exe

C:\Users\Admin\AppData\Local\Temp\2023-08-26_36c879046504f9e342e4d9c6e823f461_mafia_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_36c879046504f9e342e4d9c6e823f461_mafia_JC.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1948

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MeetingRoomInfo.ini

Filesize
3KB

MD5
e8cd59f1559102e3b72c87852169c305

SHA1
82b1836d76c985a224f74e8c8920f137f719a186

SHA256
f9bbcfd64f53dc17aff9956f85600a91113e8bf919d3e89f0de5cdb2e6d80801

SHA512
d0f5694ab9b79956cb2d42a81b2d2f36fcfc330f7fe911b4e30e5072a05f405915c243fdf9bd63eb87a066a803ef385c9f82b03a0ed002864def80cced75cc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\MeetingRoomInfo.ini

Filesize
3KB

MD5
a409b4b70466657c1bc328b02f19dfaa

SHA1
ab23cc1eca84d293f19a226d638e41057edeefef

SHA256
6e7809568015325aced8f6d817a862fd353b89cb2bafbc6089d806cdb3244c04

SHA512
fdc55f2d230a1d9203e5d87cf4a021c70f81125d65233fd8d5466dd692ad0ffd92765262d7835662bb3a7d8d27ef36d6da81ef44a3da02ef3cd1a77c38550ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MeetingRoomInfo.ini

Filesize
3KB

MD5
dd908c46fe248ef4b7859fba96f6979b

SHA1
d94a9eea1612571ade0e51c56edca48530e835d6

SHA256
791b540bc1fbef5d4ec6c3b4257df7e00bab01355e9e64868dfa24cd50f65903

SHA512
08d349c415da367baeffa13da3c1aa64c3acb82dde179f2398a4e9194a9e989a02b25ab12afcc1ee53735dd5f1cec43eb5dd9fb2b095d94a701990c53aeffc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MeetingRoomInfo.ini

Filesize
6KB

MD5
ae4735bd96e923b3bddb43694aea51b4

SHA1
c9b98071c7619065e90cc8fae2fb2daef5a83347

SHA256
bf81fb7e7f5fdc44defb121aa3c5b6fad782f1abc505f954bbf5effdc07a135e

SHA512
e40e69e35b1c245a5baf4873d3106a3231718cef3754a8586cc46811de51a3d3c4d185d4685e1519b3d6cdb3e4f9b5556aaf9778c26169db4b814e7502af7efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\MeetingRoomInfo.ini

Filesize
1KB

MD5
9df3ddf68dc811e60005e35d08cf4fea

SHA1
85311da3979297c4a83960f43be489dd8bea050f

SHA256
9deddf93d86c98b8f32055e059c02a522abe62acee41d37c46a1bf0b55485640

SHA512
3cdd137bb5b902ebbe6d4440c23ac9c4119c2787196717aac6bf057a28f5b2078ad55738d5c317588bac686fbee3f100fd4631aaf7c123421273244a54f7ff5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MeetingRoomInfo.ini

Filesize
1KB

MD5
b6290aa26c2c76339c5f84316037d569

SHA1
cad8a6d38e8c408701e00da130cda65f813d0233

SHA256
29023bffa7223f5f4c5aec2e51aa9f643465e9181fd43cd79b8924c74bdc522b

SHA512
72c34da34826bd96a19096c0db4c679f1795846c0187174cca3b0d23de3d841d04cc2b075d0347f2ed13264cfc0651ba50f59c4799b1d7bc6d8ce33377729933

Download Submit
memory/2732-298-0x000001B467C50000-0x000001B467C60000-memory.dmp

Filesize
64KB

Download
memory/2732-314-0x000001B467D50000-0x000001B467D60000-memory.dmp

Filesize
64KB

Download
memory/2732-330-0x000001B4700C0000-0x000001B4700C1000-memory.dmp

Filesize
4KB

Download
memory/2732-332-0x000001B4700E0000-0x000001B4700E1000-memory.dmp

Filesize
4KB

Download
memory/2732-333-0x000001B4700E0000-0x000001B4700E1000-memory.dmp

Filesize
4KB

Download
memory/2732-334-0x000001B470200000-0x000001B470201000-memory.dmp

Filesize
4KB

Download