Analysis

  • max time kernel
    93s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-02-2024 07:33

General

  • Target

    2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe

  • Size

    1.4MB

  • MD5

    95b20602c49e89bfa816fabb561a2cbc

  • SHA1

    958999ba755d020c66dddfb4c162d00edf3c8262

  • SHA256

    cb5a5d63542543a4dd71c6a23be7211bec9a57890d4aafa1e12228470589914d

  • SHA512

    9b17f47ad5c9448652e5ea074476791ad0f78ed7eb6335d249ddf45765731380d3f0ac90b975a98dfd52f408885bc1888a0b812a2bfee74a30dc0bbe870a8145

  • SSDEEP

    24576:R+qu3KXnUamt4pAEm4cut/Hp8DltH+9+NcQzsMVZW/bHQBnRvcwDqRC6TDTLr1rP:/u3K3UnBEm4n8DltH+cNcSsMV8/LQBnY

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Program crash (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1136
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1608
      2⤵
      • Program crash
      PID:1184
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1136 -ip 1136
    1⤵
      PID:2588
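    The process tree above shows the sample (PID 1136) being picked up twice by WerFault.exe, both times with `-p 1136`, i.e. the sample itself crashed inside the 93 s kernel window. When triaging reports like this one it is worth checking mechanically whether the crashed process is the submitted sample rather than a child it spawned, because a sample that dies early leaves only its pre-crash behaviour in the signature list. The script below is an added example, not part of the sandbox report or its tooling; it reconstructs the crash targets from the command lines exactly as printed in this report (the process entries are constructed from the page) and only interprets the `-p <pid>` argument, which the page itself shows pointing at the sample's PID. The other WerFault switches are left uninterpreted.

```python
import re
from dataclasses import dataclass

# Process entries transcribed from the "Processes" section of this report:
# (tree depth, command line, PID). Constructed input, not a live capture.
PROCESS_LINES = [
    (1, r'"C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe"', 1136),
    (2, r'C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1608', 1184),
    (1, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1136 -ip 1136', 2588),
]

# Matches a stand-alone "-p <pid>" switch; the negative lookbehind keeps it from
# matching inside "-pss" or other longer switches.
WERFAULT_TARGET_RE = re.compile(r'(?<!\S)-p\s+(\d+)')

# First token of a Windows command line: a quoted path or a run of non-spaces.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(\S+)')


@dataclass(frozen=True)
class Proc:
    depth: int
    cmdline: str
    pid: int

    @property
    def image(self) -> str:
        """Basename of the executable named first on the command line."""
        m = IMAGE_RE.match(self.cmdline)
        path = m.group(1) or m.group(2)
        return re.split(r'[\\/]', path)[-1]


def parse(entries) -> list[Proc]:
    return [Proc(depth, cmdline, pid) for depth, cmdline, pid in entries]


def crash_reports(procs: list[Proc]) -> list[tuple[int, int]]:
    """(werfault_pid, target_pid) for every WerFault.exe invocation carrying -p."""
    found = []
    for p in procs:
        if p.image.lower() != 'werfault.exe':
            continue
        m = WERFAULT_TARGET_RE.search(p.cmdline)
        if m:
            found.append((p.pid, int(m.group(1))))
    return found


def crashed_images(procs: list[Proc]) -> set[str]:
    """Image names of the processes that WerFault was launched for."""
    by_pid = {p.pid: p.image for p in procs}
    return {by_pid.get(target, f'<pid {target} not in tree>')
            for _, target in crash_reports(procs)}


def sample_crashed(procs: list[Proc]) -> bool:
    """True when the top-level submitted sample (first depth-1 entry) is a crash target."""
    sample = next(p for p in procs if p.depth == 1)
    return any(target == sample.pid for _, target in crash_reports(procs))


if __name__ == '__main__':
    procs = parse(PROCESS_LINES)
    for reporter, target in crash_reports(procs):
        print(f'WerFault PID {reporter} reported on PID {target}')
    print('crashed images:', sorted(crashed_images(procs)))
    print('submitted sample crashed:', sample_crashed(procs))
```

For this report `sample_crashed` is true: both WerFault entries point at PID 1136, the sample's own process, so the three listed signatures describe only what the binary did before it faulted, which is consistent with the low 3/10 score.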

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\index.html

      Filesize

      8KB

      MD5

      8034ad8d4c9d5cc63880cb33114316f0

      SHA1

      535d66a62053b336a91ad98417ea41fc0e4e768a

      SHA256

      b79f79c6a313d8a88a356383d48feef268a69a13d6d7739ee2f72896f323f0b4

      SHA512

      95054ae24f68e8e5376f4dd51b75697be919813be7bec937e73770e74f05d06ceb7863406ee45ed17b59bf797df4c61a54247d5d44d53fbddb2fea40d4215364

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\application.js

      Filesize

      15KB

      MD5

      fe28c28b8e70060e44eb4bad9ff670ea

      SHA1

      3ef3a060709ee3e7ff090cdcb1b36665d0feb7d2

      SHA256

      7eb52dcd63dc08f3b1c05f68093e715247e45b5956942d8861f90a195c1395d5

      SHA512

      a1268b4ead52272412d09738a8aa8e939078276af9c8d5cecfc745d66e70e57f00d841cf325525f3c085fc7566f8a7639aac6d40d8a0af61ac32a17073c6718a

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\close_handler.js

      Filesize

      896B

      MD5

      c4acf73977e03ccc8dfcf5d7a10edab9

      SHA1

      6558b605aa4226e4ffdfbce82f739b5855c8e45a

      SHA256

      714d3323b24c9270ecf1aa171db12796b3fc1cc3ee774a8a2675ba21eab89edb

      SHA512

      9059d4b9ecc788f5971bc9398047b23412cfa182a4c84ce4c2bd0f0b7d041de6e6550938aae7648f2ffd125d6be8d2a4da6a52ba51b6ef0f533d8260b152c448

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\jquery-1.10.2.min.js

      Filesize

      90KB

      MD5

      628072e7212db1e8cdacb22b21752cda

      SHA1

      0511abe9863c2ea7084efa7e24d1d86c5b3974f1

      SHA256

      0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

      SHA512

      3aa68568ff2592ead412a0c7f5c39abc37ac562f00b7c16af07cd5eff881aadce77ec71040b36c0ad9c2d2aa4edd7744fa72b0f44cb8b485d4f283b1b49c2141

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\json2.js

      Filesize

      17KB

      MD5

      f97cd64fa7f3d3d3728786288fef56c8

      SHA1

      adccfcf83e6ffb151f7853cd70b76c50028cf512

      SHA256

      49341399c4801527cc40f534238ec5bfb28e4f88a219d094f0a9d339107d7f26

      SHA512

      d96eaae1d617c74c023ec230e7fe84d6036771adf8f4af5bab97ed113f2a78e50345a5c58f4e04e040b6c31587be2198cdf4f482d45fa9d26075070123ff06c2

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\reactive.js

      Filesize

      3KB

      MD5

      03f91c5946bbcb32432f6d21c1560071

      SHA1

      b1a650969ffe3819ceeb858a0bd67f3985c0627b

      SHA256

      d6ea40f41fa496744b8682e527890dc597c1b8b9d8cbd5b5999ae3989d2b1161

      SHA512

      f3d5cd5a1f97dd9eb21ef93d35595354b0d66c624e14855a24b9b641d70549091df543b4a40b246e8c8f63ff7a4d517a777fc25f3b92998962b417a4b0d5eecf

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\select_disable.js

      Filesize

      190B

      MD5

      32488d0c21111c2b0a56bbb531e60090

      SHA1

      312fd13b337041658e69018b60db23074673ecee

      SHA256

      42b279194f0aaaf74b5aefe7ebbb19f6fc8006445f75047177f08dbde5cfa9e6

      SHA512

      ef2cff9b8f74dbd495796589f5dc0122e63133fc833e38549c71c3b8bd669f11a61b6a2c41effea71cebf2df3647b01750ed0a59341c7ca4d36a35b6bcc0af44

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\set_title.js

      Filesize

      275B

      MD5

      44231a11264b3a740c1382d3a9e6523a

      SHA1

      9948e0eb948c8512780afdbbd89bf502e1ccd556

      SHA256

      dd55d2603cb89dc7eb87315db695e977db3e208ec9e5506a06a9fe8a256ea860

      SHA512

      5aed86990a234fbd3a3dbc7c0a15a275a5a20206b10afdc1574ddb674c60c255ff29e85ba1af55e8138755639e64311389a59d702cdf79f995655db95e311acb

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\sha256.js

      Filesize

      4KB

      MD5

      e865bd9952e46357b2572dc64c6e7b78

      SHA1

      eccc807fdb530896a424138f2f793d440fc66fe8

      SHA256

      f7bfb9a64082e0371de86c3b3ed83e05f22be1eac3190d73736298f2f0ec8425

      SHA512

      ffad58787ec98197260c53560630b9d6277a6ff70f6f36713fd9a4d70cb2b2efac1519d899e553bf57d339e38a9bb2058e90324850928b9b65182c6cd1624e4a

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\system_styles.js

      Filesize

      589B

      MD5

      f76440d8ed1053e8ead47593addcba3c

      SHA1

      9cd1005f850e6b6186893f8555ce3aacc7464ccd

      SHA256

      e51484b39f3ed5eb9e153ea740d323afbf8f18b88f0c0b434471f27bb6139f5c

      SHA512

      797f24dc79865aae30912572178b1cb526c50ede2d1ee52a6f8358954cf408dcbe4726403f5abf1bc51478c925fa6c8a9dba149adbb534fe05dea4b9370dfb71

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\underscore.js

      Filesize

      42KB

      MD5

      1d4e786b5e92a3c936043bd5d0981000

      SHA1

      0e8faebf9505c9b1d5462adcf34e01e83d110cc8

      SHA256

      023f31d6996b4ff1b3543fea50be852ecbdbdce8b9e8d0610b72918e1f9d91c3

      SHA512

      4862f1dacf19a1f51923550b8f1a1d8f305e3c9358475ce7b902a3679340b9cfee1fa8d99ef7f2474eda61c3230a9aa359049dafdb0f4471f74b309d325abf31

    • C:\Users\Admin\AppData\Local\Temp\53ec-2f63-b06c-87bc\js\utils.js

      Filesize

      1KB

      MD5

      c32a1d42f926d393a5c77b6b991453d6

      SHA1

      bf5ec79a1bc1f49c0fed95cbb5ac3074b7b75f75

      SHA256

      684c4f10dacaa328e2892c4cb626547a889efaacfaa53c02176a1f78f6f261b2

      SHA512

      9764645efdb105b06659fbd64192a3120a51435c8c94f0984933c701be8d0b026723c26b7b66f0b6e71bac157fcec1f142440b447c70cfde33fed1af01949e26