mafiaware666 | ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 11:11

Target

221012-nb9nesddb2.exe
Size

2.3MB
MD5

3b2d877b0316f3ec4b20b79fe664c6ce
SHA1

e004d6285d6921c788d6f5dc3ab02dc6bd9fe6d2
SHA256

ee376851cb318f77b9c8b715a09c5c0ce11043f679bb39fa5b5d67242c1c3bb9
SHA512

b4af15ee358c0e89c45cb70d3f867a5d455381fcff720411d2165cb7abd6cc43ef4f4c44ac779cc9790b35db543e8eaf60e81899b6bccb264dcc0397073882de
SSDEEP

49152:JxrztpiklXTvvObVGrhmLql8a/LEmvUGw:ucvvOe4gq

Score

10^/10

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
behavioral1/memory/2856-0-0x0000000001010000-0x0000000001258000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666
Renames multiple (68) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	221012-nb9nesddb2.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	221012-nb9nesddb2.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	221012-nb9nesddb2.exe

C:\Users\Admin\AppData\Local\Temp\221012-nb9nesddb2.exe
"C:\Users\Admin\AppData\Local\Temp\221012-nb9nesddb2.exe"
1⤵
- Drops desktop.ini file(s)
PID:2856

memory/2856-1-0x0000000074A20000-0x000000007510E000-memory.dmp

Filesize
6.9MB

Download
memory/2856-0-0x0000000001010000-0x0000000001258000-memory.dmp

Filesize
2.3MB

Download
memory/2856-2-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

Filesize
256KB

Download
memory/2856-3-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

Filesize
256KB

Download
memory/2856-56-0x0000000074A20000-0x000000007510E000-memory.dmp

Filesize
6.9MB

Download
memory/2856-63-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

Filesize
256KB

Download
memory/2856-71-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

Filesize
256KB

Download