Overview

overview

7

Static

static

3

2024-03-05...ia.exe

windows7-x64

3

2024-03-05...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_2e8e3e9f88587fc1d8965b4f45648c6e_mafia.exe

  • Size

    367KB

  • MD5

    2e8e3e9f88587fc1d8965b4f45648c6e

  • SHA1

    72c3db1c0b9be7aca8a6c4817256c7e967be310b

  • SHA256

    435a919e28721fa30911ee164da4631386b99743440e2373b7d846ac135df3d3

  • SHA512

    9aa9efb49a4edc97e79ad4cbbd3b33c5a1f2d3835c6f0da226974a299202764898c42c0ed2a9c758215da84127e6b1ab9865adfe653483c4313930a73548d93f

  • SSDEEP

    6144:vNgF4DxNuJc06j4YBa77xMQxA5i5knmv1SL/mQXCD47l5Olw8l:vu4lNAtYytvS5Aku1YLCWN8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_2e8e3e9f88587fc1d8965b4f45648c6e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_2e8e3e9f88587fc1d8965b4f45648c6e_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/ds2taob.html?s=154&v=155&c=185&a=376&m=&t=1614219382
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42608ede43b71e6c312caf8bbe2e7010

    SHA1

    3e9cde26e924379aa51b7db525916b547fdd8114

    SHA256

    9e07ab0fb300f40042aabccd17553cd3b854d39ffdf9d168790a41266b4bca35

    SHA512

    8cf8f0ead1f012edcde6f14253705b9303c080f1f06faa9c09a98493b7d0f4fd98240189609fd470baa96dea46db66e4936b055f04a8f25dc60dc388a201d583

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37e9c22930a9c4909ad236036d4b6062

    SHA1

    4b8f23f7fae8acca358783e4447cbd4fcbc65c53

    SHA256

    29b1f7a1c0aa07785050c573652329ef6483c84f55b90ed6d3804909544c2d0f

    SHA512

    d8b2572161b5efce533a015980b7dab54e7ad1d608e81ecb9cfc18a1d63b74e5271dbc1169d7fceda5f4fc54ee923c4c2eb3c05d410b19ec973a28d121442d79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbb35894e26e9f126b2efbadb1c2d59a

    SHA1

    826175a10b0e587df011f28cafafa200e65685bd

    SHA256

    5a1ce075638181b9c6ceb1dc012971ebebdf8174746a7d87a3c11465501f544b

    SHA512

    3b661179111a5739e7eb88a3f4132505c4e860e1cbba3ecfa97a1dbe0f0b3282df031ba39931f616fc5c5f97327800f8779e31839c5bf3a40ffcdd9b13f17f5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    417ebb2362fca077212a7c88a4d881f1

    SHA1

    619896a26c29e4bedaf31e2720969d3f1cc69df3

    SHA256

    73208f73caffa8f86e4ddd5ec8c07bc553360724a896563113582199e6e9913d

    SHA512

    06e5f0f9b60bc31b034493809eb95e0aec0f8b0145e4af8c71fa61a131e2317191032ab674a07152234296bf56c16834cc9f58cc7c8b45ee7d61a70f695266eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    463a89a8c3763d7dc29139f729e84cb8

    SHA1

    8e647bb6c67b422e103f0687a9452f9808689d66

    SHA256

    5d2fa850ff4c7bd6aad8c71fc8cba09af6c50079ac6ceacdf443f2fe52a1935f

    SHA512

    a1ac685ffc40de14a89c9032edbe1f80f3e88053c8321036aabb245f3a6b13df1604d647b039ba61ddc259235c813d3a9aad3d8fa32c3f7c5099c7e80b1bc934

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    638b1fa54f43f84877034f0324ef9835

    SHA1

    804d119a7f09190fb551e096949bc01ba2a2c7c5

    SHA256

    89e87161aea51907a36f9303822392828ac4c3e152f0d90f1c7125702ae3ff0f

    SHA512

    dbfa19f6fb833111ecabe90c54247c9fb411e5b8aacb1c45c341bd856622f829dca9985e73514c1bfb6573edd3945169573fdfb609d44f987c51124d0e856ffa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cdfd45c0852682c67444f47640d5793d

    SHA1

    cefb44302128b3914e8c735efd0e2b12ac55dc2f

    SHA256

    b602a3198fedf795d2b9e1d7df5c306967f2d5445a605965eac2e577804901d3

    SHA512

    dd84428edd2a754e5aafabf6e4a92e71c6ad33b2351298470e511f9cfb0f2e573be9fa485aaa57885093bdb47a4a339bfea39876a45c3bafab874da0539ea311

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cdde004cf01b62b2148f6c8a7814a714

    SHA1

    4be309a5417141f1ee3ef7caab0545889b484df4

    SHA256

    a7cfbad815b41c0c31a7c816d81f796a10b52aaf333483778d448c22c2a9d62a

    SHA512

    91da468dc8d2863a377229bfb58e9e1d738a7349fdfc6c4f2dc1680e5f4bda90b1a8e15e3bbaa15730a6d57662e245e6f045fbaf273776900fab93b732ff9c51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e3ac723a916981ed717835add1fb2b0

    SHA1

    b39d338218f2e81dff7f2a465e50f092bb987331

    SHA256

    57af46245346e4aae02d898bf9839aaf0332904f39ff46dd67c5d98c1e7b2794

    SHA512

    d2a1a0cd7f67cd67c298fc4e4acd75804394164c618f9c4b3c0d048f56559a27435a29a7b4d0bca588f0833d4d68866de133d77f1f5b652981f8d4a9065270de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98fa980405ad657e6900e35f424df1ca

    SHA1

    b2b067f648a625d61abeb8de83a84865214db9d4

    SHA256

    a73436c025c23ae084a2e1a5f0cfc933f36788b2308663f23606a1d683aea58c

    SHA512

    0f8862353cb384eb63dddc9e755199b3421c971388f1a69d18624982c0581e37d8d5f335a99607221ead7aff3c4b2c497a8f6b56a7a74d3fb492766f4d828ce0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b9d081a69524a734fcb13ce7ea0fa6e

    SHA1

    a5fc380ac273062987000e40d450d050fd408fde

    SHA256

    114242a2e7d25d29dd07b39e8a65ac86949cab9423a06699b77b6cc1b5b278c0

    SHA512

    38ebc96680db92592b9f30bea79f5e9e646c6ba0a53d0ad3124289737a85e35c762067fcda4e3e25e7cb0df4865a4a3f405315acc778e1cb94cac0a4318254a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1316.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar154E.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit