Overview

overview

7

Static

static

3

2024-01-08...py.exe

windows7-x64

7

2024-01-08...py.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2024 06:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_10b79bd646e5d7a181a6add9610f126c_mafia_nionspy.exe

  • Size

    288KB

  • MD5

    10b79bd646e5d7a181a6add9610f126c

  • SHA1

    d8c66b6966cfc2bcdf2ed713b553799e05a37ea0

  • SHA256

    6e1b4a470c9b5150d47c21ac7207ce30c554e66f805dd874831e150486d3a6d3

  • SHA512

    a697411f116726f9ffcfe486ebe0cb99e66fe96e411be9a58b888ca32ad4c789c88bdae33b1bb369da89d78debf562872c3eaa352a62de36a2e64a1b0c9ab969

  • SSDEEP

    6144:TQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:TQMyfmNFHfnWfhLZVHmOog

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_10b79bd646e5d7a181a6add9610f126c_mafia_nionspy.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_10b79bd646e5d7a181a6add9610f126c_mafia_nionspy.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2688
  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe"
    1⤵
    • Executes dropped EXE
    PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
    Filesize

    17KB

    MD5

    0e7fb9e1f4c2af9a0e24ea71abe9081e

    SHA1

    446bb4ecb60210d8e1449db76f633f5c3587290a

    SHA256

    9b6933e04bf918ec2184fb71758e1a10f8392e660379c6d82fcb5751ab7f30e2

    SHA512

    f3ad329d1c78299197935d4ec25ea5beb18d4471bbce1057bf254d3199b1bfdc33cd3aa980ad650516c0f0d0e10509237cdfd76c6686f0377cd8209fedd0fdaa

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
    Filesize

    7KB

    MD5

    00a8dd3209eeb95e56a5caeaadc9abdf

    SHA1

    e1200f665da552c45763a8834bf62f2420b590b8

    SHA256

    3a79e06e1dd260927707cb79abfb2db678622c5addc014eaadc76a026a359d03

    SHA512

    9e30a820eb6568e3221cf8691bce88120231e51b25cfab82b4e3ab29be79d09a4d7c65211deff5befc9b9d7b7cafe7b42a34a01ae577e510b5afd5c6206fc9b5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
    Filesize

    29KB

    MD5

    d07e2d6f7c5c9e66386887084132546e

    SHA1

    b7da92429c602e58ee6c11dca728865a9f8262ef

    SHA256

    eb9d49c2fe432f7218262adace59cd236f7040bf863ef94ced7e0fee6382bbc3

    SHA512

    f8f3f0393ded37252a62d52cfe3946a43c7f4f13c251c8227a84bc2b4ffd015f0c3d95a53ccf51e04a6fc1dc463e3361e881415675413d5b49172f992b1d2451

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
    Filesize

    32KB

    MD5

    5abc22100c09af678036a3dbd29e6000

    SHA1

    30ae87a8d8610ebe52812f99f7af26235eed520e

    SHA256

    11481b972f20c2e3a6c79bf0e85be1d9b1521d1ae7572b095455cc14a7092fff

    SHA512

    4c80f559b0384061a1df29aa582c3981a107f000c3f0e87b1f1ae96e63a39e2826f51dbc5257de06dede2955e4aeca60b55473fc18861f55b220d92aa3198806

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\taskhostsys.exe
    Filesize

    288KB

    MD5

    cdbfadb73669d8f7f9da71220a216f3a

    SHA1

    5fffc691c8ef65b5f987645743fa04655cb44895

    SHA256

    f1249312a741fc02e5c8a56f07595a876bf8e35335d3dbf8212ca8664ee63b78

    SHA512

    6da1dddda523840eb670ad092a2aaa7e4a148133efa054b69e4d85a55bcc9a4eefe4227de0f293b9e1db101c72b16368ecac289e950cd6e4a4ec57f6f4b9372f

    Download Submit