Overview

overview

7

Static

static

3

2024-01-11...py.exe

windows7-x64

7

2024-01-11...py.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-01-2024 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_98462100c1d0f5ba0d31c5ccec1d4e6c_mafia_nionspy.exe

  • Size

    280KB

  • MD5

    98462100c1d0f5ba0d31c5ccec1d4e6c

  • SHA1

    c294aed020960fc3966830a743b0a95c6ff89317

  • SHA256

    63845e9634a6e29a742672bf3f8839042e3ba5e555a4721fb0ddd36b12d44636

  • SHA512

    2115fa9cc02f20e7f487d5eb87b14893228e6606f308b862c648c8471c3039194b4cc41abfa32fa7dad29a7e173aa36014bc900c5aa03530da9894c95f170489

  • SSDEEP

    6144:/Tz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:/TBPFV0RyWl3h2E+7pl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_98462100c1d0f5ba0d31c5ccec1d4e6c_mafia_nionspy.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_98462100c1d0f5ba0d31c5ccec1d4e6c_mafia_nionspy.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2752
  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe"
    1⤵
    • Executes dropped EXE
    PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    278KB

    MD5

    28f4ac9b76eb91c56a072b1f34466425

    SHA1

    f5128b0dd30ea1ced1334d8f9e5cc41aafe2d851

    SHA256

    06aee6a795abf8205cacc797c7e81ec6fde66d638307bee452c7f9037fe0305f

    SHA512

    e0d07211d17ea72e1043284937454216b95bcb85436e435c1dcb221c0a80c6aef2b58353d008cbd8d33dbd4724350cdc47ae1786c532fb22c3cc4a52cbf60b02

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    115KB

    MD5

    c2d1be67683b282769b497083aff3e7e

    SHA1

    fef6923a3b8777727cf482f58b73d79f3b7af457

    SHA256

    53682a3fbdbb3ad8c5a9dd12add1da33847e671c472300b5265bd8237d0dfbb3

    SHA512

    8bfd005974dc4b85348862bf00c2edc50b8050be0928188e3794508093e0fc80d8ea59efb221c6ead7709dbb19b2f0c67380a2f4e9d2a9b702fddaef0dc3665c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    144KB

    MD5

    345daadc4ceee10635fbe6f68734d48e

    SHA1

    5c1972b5a0bacd0b1da7874448e104d13c453580

    SHA256

    d5066dfdca979319c4e6ffa714eba268041c4809db9fa7271a4de09e9e042185

    SHA512

    8878dfa466eacf6d292a5ffa397751e5808088fc871d528e39f1549148d8af3fc2550ed1cd391d221017b12b39a91a17b0ec43b5f7117546b84c1eadad5bde0a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    131KB

    MD5

    de7a0afffb5db93d17303c3012108892

    SHA1

    62a219b73356e607fb9e6a4812a146b06effbfc8

    SHA256

    00316448c7bb44888033ac04eb611d29abc8a9c357005870f23e30c2f80aff27

    SHA512

    87470c6a9336ff082e373f883e6d43ee85fdadc62aa63d58549b33dda58541e059f308fcac43af2295a0018faa04b5a86e4e7243d847f47daa7c325c06e29dee

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    129KB

    MD5

    ec74a94cb4ac7f2fd4e34594977ade30

    SHA1

    c4de23ef6a6faf83c80d136ef60437edc1a19cfe

    SHA256

    d18386f3ee3406951aae6f910c6e4f263468fbd2a60ccd373ad73a874369c634

    SHA512

    ce6a6743181fc59106341e1c03611192c6f3c4257ceddc5b5c1c875f86efb8ed232df3c637d6478deca27c905c1f4a1d18707fbc4fe2008ac1fd7c58a92cce8d

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    44KB

    MD5

    2edebcb488e490899e4162f497c1ad0c

    SHA1

    aba7d31dc709e21e7851df9f088fac5d2213d646

    SHA256

    96d83c3b5b9d604310a472625255ad7fe2cb63f90dc9ed8a8937c775829014a5

    SHA512

    41b964c632ea2d612239faa598fec3034f43b6f196c100f38cad48cf9e8e8d390e69293ea6b9233ccf8cc02599e602f9a45c8f8acdc2882d0599b7d3e79e6d6f

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SView\csrssys.exe
    Filesize

    108KB

    MD5

    5a1892e78be3c857b95a448ac78f15e9

    SHA1

    41fdbdb401edb0db4fdaa5456dddbc9f858a6cb3

    SHA256

    85af513596305c383ecbbbb53591485e8e4ba97252d82636cec73ddb54b076da

    SHA512

    728c9aff5041b1ae02c390e3e8834e527b724384dd8871d1035db22bb920f78e5986c5440f6a640d91027b8ff52b77ba2ecaae85a5ff8d44ab7bab48cc2b4207

    Download Submit