Overview

overview

7

Static

static

3

2024-02-11...py.exe

windows7-x64

7

2024-02-11...py.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2024, 16:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-11_4f9610658fb390f8f7de6dbb0e6a94a4_mafia_nionspy.exe

  • Size

    280KB

  • MD5

    4f9610658fb390f8f7de6dbb0e6a94a4

  • SHA1

    4288ea314c50f6f5f389a59234f5f243cab324d1

  • SHA256

    93ed0f50245532143857a91972cec7858bff72933bdc625529d3aee88e2e44ff

  • SHA512

    97228a80e16a99cac476862a5d7a615f5e2adbbe2af1a03892f1903873c950286c813ca9a262f9dd30e076de4256e97f17c3d0180ea0504073683d813e5dde86

  • SSDEEP

    6144:FsTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:FsTBPFV0RyWl3h2E+7pl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-11_4f9610658fb390f8f7de6dbb0e6a94a4_mafia_nionspy.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-11_4f9610658fb390f8f7de6dbb0e6a94a4_mafia_nionspy.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe"
        3⤵
        • Executes dropped EXE
        PID:2584

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
          Filesize

          64KB

          MD5

          9d2339dbe714b518518fc64179399d99

          SHA1

          8494f7ec662f443851e52bad5f6841bdb0a6bff0

          SHA256

          e6205de79fe5b95f58a99ce3d8e1e0f82575f69b9ab89638aef8f00fc38bacfc

          SHA512

          fb25e1f90202d5f924868f834e879f9baf9db603601463402ab76895afbc04414ea2e261905a7921c171ba4b780da7f7d95548d7bfa2aa940c38fb9b00382401

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
          Filesize

          41KB

          MD5

          5d3149b334765d6ca34353d7a85ea013

          SHA1

          c08e4c3f85b41d336cc640d3902e9d08d36f228b

          SHA256

          4f80e6c6446fd0ad3f9c51bfa1819966bf8c24e54c459cfabc9c019fb7543275

          SHA512

          615b1e46636abb3e58286c55ad1cfc754458e482ad23351c71e72f72dd52d39849f32d4690fc45618efaa5d2c843676a69d99366026b7068c5bad600ee54fa33

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
          Filesize

          280KB

          MD5

          d03e3c6c34628a903623f7c31cb59439

          SHA1

          1e40f0cba9c8ed40f1710f5b06e88c6c67d44834

          SHA256

          87614d570d72f687e47a3a28d2eb1f3f7f8c1c31ac0afc8be784f47ff5b8d46d

          SHA512

          8059f9c899cd47eccc0449c1a923fa3dfee7e41066f6f9afef3d097fee8fdd268b55e3f997d7c434cf5f7a3e6c4eda1c605a1535d41ce533ac4afc196f170324

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
          Filesize

          128KB

          MD5

          58dfa9efc8ed7078ae9a25bf2e7a53e6

          SHA1

          8320aaa96204cf93f69e8ad7c7c82f760e878661

          SHA256

          d14f1e39855ae3ecd6037a2a07e0c2577bc5ea8a6f35085b0650d279040250b3

          SHA512

          63b31cee4103392c4eb27ad375b854a059212c3c2d7adc2e4d6802b10c8af1ce33a20dabec02eb4593cbe3096e2554f20605a5e7ee88fa0fb24ea99e0fedfa19

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
          Filesize

          75KB

          MD5

          cfaa62cc95b9dbabfc1f0a944dc701a4

          SHA1

          f6e6eddb1a962513f6c8e33258f3d2858a683ae9

          SHA256

          3a58ebce6bec8611abcf3a2ad9b1015febf439d97f58f904c8cd99a4777b81d4

          SHA512

          e4e9627bc2efbd84da2e2a897fb383f4a16798c2ade8ea22b0ee4c0b84ad9c9a091733dd2b098b7717368f865c55a124a4957e00c44ec9e21bbf923857c421aa

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Sys32\sidebar2.exe
          Filesize

          42KB

          MD5

          2671ee880c0a8c8f4e4346356d8a8020

          SHA1

          bde89a51141aa57580c78551961f30923b99fbd0

          SHA256

          67de86cd64fb272bf36183e762ca5446690c787f3997d40b07ebb5dff4cf6e92

          SHA512

          74f69e4826a44d3bab0bcaf0bc98a0a92cac390e5fcfc75d3897b83c308972589875a3df949935dfde7d68148cefc3b0a44f92bc025cbe7668361bbcf56d80ea

          Download Submit