cb5a5d63542543a4dd71c6a23be7211bec9a57890d4aafa1e12228470589914d

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
Size

1.4MB
MD5

95b20602c49e89bfa816fabb561a2cbc
SHA1

958999ba755d020c66dddfb4c162d00edf3c8262
SHA256

cb5a5d63542543a4dd71c6a23be7211bec9a57890d4aafa1e12228470589914d
SHA512

9b17f47ad5c9448652e5ea074476791ad0f78ed7eb6335d249ddf45765731380d3f0ac90b975a98dfd52f408885bc1888a0b812a2bfee74a30dc0bbe870a8145
SSDEEP

24576:R+qu3KXnUamt4pAEm4cut/Hp8DltH+9+NcQzsMVZW/bHQBnRvcwDqRC6TDTLr1rP:/u3K3UnBEm4n8DltH+cNcSsMV8/LQBnY

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2228	2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
2228	2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\css\ie.css

Filesize
48B

MD5
dd342be525372f9f85aae3a75c7b0ea0

SHA1
41c7b8f3fa1741e23fc311320ff1e9aa376887c8

SHA256
624bfd434580c9734162a09d758df7e1e4770dfbbb5b30a59f2c0a89966ea817

SHA512
bc5d2808c4ecec7e4f216c9aa3667edb7ec9ab228cbf7f36814c0b9652f5c386f319a3326dbdea4e0cd4e1733a5815a04d0ce73739aaeb26f9570fe4314078f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\css\main.css

Filesize
1KB

MD5
46a3c11603f66d03c9bc6d0bdc316266

SHA1
52c37ebb8892eec4cb393b6f9373199639647035

SHA256
21d21962436ff9336a4aee3aaa59c431099f46ab5dfda02e3000e7df3b9a6bb7

SHA512
4bf34ca4d83bfca3a6dbfd9e2b23064feb777355c9de6c977a4335fe66dc059b80523d8a82f99ac0fcd02dae4e47b808f3ca7392becf7a0eb9cf65e7e98e944f

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\css\reset.css

Filesize
1015B

MD5
626051fa84406cc381bc2de13764a375

SHA1
013a3c4d3dce1e6e4bac756c042d5c9f79dc9d01

SHA256
02199a3a74aa01644afe138e531c68a97bd44616553748399d12bd25a19d3ba3

SHA512
cd7d082bccf9f4e04cc3aa03e0e54fe9cc459a6fa2af7659e664c716a99ebb448318ba93a4a294f99939e1fa89aa3ffbefd3711fe6c419308f6d5da11a86075a

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\index.html

Filesize
8KB

MD5
8034ad8d4c9d5cc63880cb33114316f0

SHA1
535d66a62053b336a91ad98417ea41fc0e4e768a

SHA256
b79f79c6a313d8a88a356383d48feef268a69a13d6d7739ee2f72896f323f0b4

SHA512
95054ae24f68e8e5376f4dd51b75697be919813be7bec937e73770e74f05d06ceb7863406ee45ed17b59bf797df4c61a54247d5d44d53fbddb2fea40d4215364

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\application.js

Filesize
15KB

MD5
fe28c28b8e70060e44eb4bad9ff670ea

SHA1
3ef3a060709ee3e7ff090cdcb1b36665d0feb7d2

SHA256
7eb52dcd63dc08f3b1c05f68093e715247e45b5956942d8861f90a195c1395d5

SHA512
a1268b4ead52272412d09738a8aa8e939078276af9c8d5cecfc745d66e70e57f00d841cf325525f3c085fc7566f8a7639aac6d40d8a0af61ac32a17073c6718a

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\close_handler.js

Filesize
896B

MD5
c4acf73977e03ccc8dfcf5d7a10edab9

SHA1
6558b605aa4226e4ffdfbce82f739b5855c8e45a

SHA256
714d3323b24c9270ecf1aa171db12796b3fc1cc3ee774a8a2675ba21eab89edb

SHA512
9059d4b9ecc788f5971bc9398047b23412cfa182a4c84ce4c2bd0f0b7d041de6e6550938aae7648f2ffd125d6be8d2a4da6a52ba51b6ef0f533d8260b152c448

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\jquery-1.10.2.min.js

Filesize
90KB

MD5
628072e7212db1e8cdacb22b21752cda

SHA1
0511abe9863c2ea7084efa7e24d1d86c5b3974f1

SHA256
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

SHA512
3aa68568ff2592ead412a0c7f5c39abc37ac562f00b7c16af07cd5eff881aadce77ec71040b36c0ad9c2d2aa4edd7744fa72b0f44cb8b485d4f283b1b49c2141

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\json2.js

Filesize
17KB

MD5
f97cd64fa7f3d3d3728786288fef56c8

SHA1
adccfcf83e6ffb151f7853cd70b76c50028cf512

SHA256
49341399c4801527cc40f534238ec5bfb28e4f88a219d094f0a9d339107d7f26

SHA512
d96eaae1d617c74c023ec230e7fe84d6036771adf8f4af5bab97ed113f2a78e50345a5c58f4e04e040b6c31587be2198cdf4f482d45fa9d26075070123ff06c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\reactive.js

Filesize
3KB

MD5
03f91c5946bbcb32432f6d21c1560071

SHA1
b1a650969ffe3819ceeb858a0bd67f3985c0627b

SHA256
d6ea40f41fa496744b8682e527890dc597c1b8b9d8cbd5b5999ae3989d2b1161

SHA512
f3d5cd5a1f97dd9eb21ef93d35595354b0d66c624e14855a24b9b641d70549091df543b4a40b246e8c8f63ff7a4d517a777fc25f3b92998962b417a4b0d5eecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\select_disable.js

Filesize
190B

MD5
32488d0c21111c2b0a56bbb531e60090

SHA1
312fd13b337041658e69018b60db23074673ecee

SHA256
42b279194f0aaaf74b5aefe7ebbb19f6fc8006445f75047177f08dbde5cfa9e6

SHA512
ef2cff9b8f74dbd495796589f5dc0122e63133fc833e38549c71c3b8bd669f11a61b6a2c41effea71cebf2df3647b01750ed0a59341c7ca4d36a35b6bcc0af44

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\set_title.js

Filesize
275B

MD5
44231a11264b3a740c1382d3a9e6523a

SHA1
9948e0eb948c8512780afdbbd89bf502e1ccd556

SHA256
dd55d2603cb89dc7eb87315db695e977db3e208ec9e5506a06a9fe8a256ea860

SHA512
5aed86990a234fbd3a3dbc7c0a15a275a5a20206b10afdc1574ddb674c60c255ff29e85ba1af55e8138755639e64311389a59d702cdf79f995655db95e311acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\sha256.js

Filesize
4KB

MD5
e865bd9952e46357b2572dc64c6e7b78

SHA1
eccc807fdb530896a424138f2f793d440fc66fe8

SHA256
f7bfb9a64082e0371de86c3b3ed83e05f22be1eac3190d73736298f2f0ec8425

SHA512
ffad58787ec98197260c53560630b9d6277a6ff70f6f36713fd9a4d70cb2b2efac1519d899e553bf57d339e38a9bb2058e90324850928b9b65182c6cd1624e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\system_styles.js

Filesize
589B

MD5
f76440d8ed1053e8ead47593addcba3c

SHA1
9cd1005f850e6b6186893f8555ce3aacc7464ccd

SHA256
e51484b39f3ed5eb9e153ea740d323afbf8f18b88f0c0b434471f27bb6139f5c

SHA512
797f24dc79865aae30912572178b1cb526c50ede2d1ee52a6f8358954cf408dcbe4726403f5abf1bc51478c925fa6c8a9dba149adbb534fe05dea4b9370dfb71

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\underscore.js

Filesize
42KB

MD5
1d4e786b5e92a3c936043bd5d0981000

SHA1
0e8faebf9505c9b1d5462adcf34e01e83d110cc8

SHA256
023f31d6996b4ff1b3543fea50be852ecbdbdce8b9e8d0610b72918e1f9d91c3

SHA512
4862f1dacf19a1f51923550b8f1a1d8f305e3c9358475ce7b902a3679340b9cfee1fa8d99ef7f2474eda61c3230a9aa359049dafdb0f4471f74b309d325abf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\8731-79f7-0d29-fb90\js\utils.js

Filesize
1KB

MD5
c32a1d42f926d393a5c77b6b991453d6

SHA1
bf5ec79a1bc1f49c0fed95cbb5ac3074b7b75f75

SHA256
684c4f10dacaa328e2892c4cb626547a889efaacfaa53c02176a1f78f6f261b2

SHA512
9764645efdb105b06659fbd64192a3120a51435c8c94f0984933c701be8d0b026723c26b7b66f0b6e71bac157fcec1f142440b447c70cfde33fed1af01949e26

Download Submit