ff2bdda467b3bcee317cd6d270e6b449efcf2d42ca8360e10c6e2856e5402b04

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Size

1.8MB
MD5

8b4c763cc74a9f0d6b996f02cc1791b6
SHA1

15fb65229458f74666265547b37e2cc5fd109645
SHA256

ff2bdda467b3bcee317cd6d270e6b449efcf2d42ca8360e10c6e2856e5402b04
SHA512

16b3e2b879fdc64ebdc1e4601906d469ab58f41e040876b9d4006f6c607186236bcba294ddbd49a342e27e05ab5853e589487aa02b8c8f114773af2bfa5fce57
SSDEEP

49152:B+Utaeu9O4j12BDoJ178C4TlUeXvp3cQ7HVSeLnMqChI3OeFqHLxngXFv:meu9PR2uJ1D4TlUeXvp3cQ7HgeLbjgHw

Score

1^/10

Malware Config

Signatures

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\printto	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.md	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.md\ShellNew	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\ = "MarkdownEditor.Document"	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS20~1.EXE,1"	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\open\command	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\open	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.md\ = "MarkdownEditor.Document"	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.md\ShellNew\NullFile	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\AppUserModelID = "MarkdownEditor.AppID.NoVersion"	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS20~1.EXE \"%1\""	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\printto\command	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS20~1.EXE /pt \"%1\" \"%2\" \"%3\" \"%4\""	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\DefaultIcon	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\print\command	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\print	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MarkdownEditor.Document\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS20~1.EXE /p \"%1\""	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2572	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
2572	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
2572	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
2572	NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_8b4c763cc74a9f0d6b996f02cc1791b6_mafia_JC.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2572

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads