Overview

overview

10

Static

static

3

2024-01-25...py.exe

windows7-x64

7

2024-01-25...py.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_fb4c18480dd15904e8a452f9b3f198c8_mafia_nionspy.exe

  • Size

    288KB

  • MD5

    fb4c18480dd15904e8a452f9b3f198c8

  • SHA1

    3e2af18484ba0f03a2e7f312100fd6da5760661e

  • SHA256

    f375f846f74202c26c8c98f67d6270d37eb401375d455af0d502f14fb9ad2869

  • SHA512

    90b0ea5c6c2ef445545f40b4da6ba3d90899934ff00ee0e50b55cfa8272aa45cae93cdce63b69a9a44523493a50cdb48ff199556b707594de03083409b608995

  • SSDEEP

    6144:cQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:cQMyfmNFHfnWfhLZVHmOog

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_fb4c18480dd15904e8a452f9b3f198c8_mafia_nionspy.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_fb4c18480dd15904e8a452f9b3f198c8_mafia_nionspy.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe"
        3⤵
        • Executes dropped EXE
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
    Filesize

    256KB

    MD5

    66695418c60b9574ee8bd6d246a56425

    SHA1

    3e8a825577ac9558c9158b01a9327bf6911405fd

    SHA256

    95fc8a2efb64656ba3148d796066762de15ca3dd77474bf73caaaaf7d01356d8

    SHA512

    59ffb5b823c86c2fc6a22645879caa124ee472aa4b243d480dbc2027cea60823afa2613696898cadfe2e29e64a17c52bc599db22978c344a5d86dfa373964703

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
    Filesize

    91KB

    MD5

    dc7346e89581edfa1b7cf7ecc8886ca7

    SHA1

    cbb1df763ae106cbd2e8e4d48acda0bf2b42825a

    SHA256

    d1c21cc68fbe2207c2b8b775a5e9c4f801a78663c4dafa7f389d811e0eb330a8

    SHA512

    d2978d88b21e48fe91863af06c0613c4c5c4c1b0785b1bc2c04c29b73e52bb47ad3e68ec029c7ffed28db6e9f18b680c2d3cd5a31c3b0679f5071b264400a250

    Download Submit
  • \Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
    Filesize

    288KB

    MD5

    90ac4cddacc3559088480c45df719183

    SHA1

    c9b528093672841a8dc1265cf12420dad0069cad

    SHA256

    b60f93a0223222ee3cfed82236d46049bd2960c5929296b68d97202827937ff9

    SHA512

    31edc9b8d19e4c69918a158ccf3aa9523b7d1a3d932dc18230e1c7c3ebe55f0803dd8e9b50b9b1e220780b9ac7c4f608e16fb4cefc3bc81be25dc9b323a3d07e

    Download Submit
  • \Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
    Filesize

    179KB

    MD5

    01850944a89f56376f195f86bfaeb06a

    SHA1

    b4fe4032455dd13ba090973add1869663811b17f

    SHA256

    afe0d64db7bcd8aefe7cd0a91c158da817c26af24170fbf62d452b59c9e8e52a

    SHA512

    8fecffdbcaf4ea8c8c165509ef2e5a743648dbfccdadc986ef78a4555a7d874af842f50b6f54cffe7901d03a83d96bffede82b569683b35166864e8b21fa120b

    Download Submit
  • \Users\Admin\AppData\Roaming\Microsoft\SView\SearchIndexerDB.exe
    Filesize

    128KB

    MD5

    2ab2e6b73367b8f568ebaa426c4b647d

    SHA1

    87b217d3cf71bba6b5850c5faa6c31bf90a89303

    SHA256

    681936f5df99189577a30c639cb77fd76c2467890736ace905eaf9f61028ac71

    SHA512

    ebde507ab02380c0eec5b5208e41c093702f19800a2d0746eb4f920e970779380cda00c2356b4a7e677666f62857cc7488d2aaf65a98a283f0ae169d34dcfc85

    Download Submit