Overview

overview

7

Static

static

3

2024-03-11...py.exe

windows7-x64

7

2024-03-11...py.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-11_decd00defd7750461472b3bd19651b7b_mafia_nionspy.exe

  • Size

    274KB

  • MD5

    decd00defd7750461472b3bd19651b7b

  • SHA1

    3d24c653e76d00aefd95f553bcceb3820ccb23fc

  • SHA256

    98f50f6e0ef0a766a27f06c9bbd8df049e07ed360347a440bf48b755a50bd6f4

  • SHA512

    147d8e2bdec4f066a8e0483ea18cea6b47d6d80422334b5e7f6fbf610dae43b41bf311e5958ec47367894b83a49419d85500e53f90f8577ec312a67516aa90d4

  • SSDEEP

    6144:EYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:EYvEbrUjp3SpWggd3JBPlPDIQ3g

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_decd00defd7750461472b3bd19651b7b_mafia_nionspy.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-11_decd00defd7750461472b3bd19651b7b_mafia_nionspy.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe"
        3⤵
        • Executes dropped EXE
        PID:2488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
    Filesize

    274KB

    MD5

    0d84e2b9d96cab457b277f99a5ee5ea3

    SHA1

    a107fc82b8b1382aa2b074a8d09bdab1b28d063c

    SHA256

    0d51abe7b342ac46a11b60b9d2dddc31b6eb685a71efd66efbc0216d03b06c64

    SHA512

    b546e7561f79541e030cb5b608c731b650224bfd3f111fe2f989b242b345eaf1ef828fac51e52b11291aa947fc2d52863322aaf2773ef66f5ea6db03c57276e8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
    Filesize

    124KB

    MD5

    11525c7a3e9699f553c560f188763cc0

    SHA1

    2a38e1052aa77c4d02a3e985318387de77f66a85

    SHA256

    dc2f1df75760015df7efcd65acfc925388e7fa471cf2c34bda1dfd7159ec1b9a

    SHA512

    f9f16429710554d79e910b825ba97f2dfa2afa604eb02bd514a5c4fa6c093e3e477298af8649a6b3f287d7a888c38e0e86c3c0ceeaf043c4bc2f655b577dbeff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
    Filesize

    156KB

    MD5

    23efe283184ec0476c51a96d5c93b523

    SHA1

    2e2285d07280c59ffba2410de207d44c2e5ed6f1

    SHA256

    395a283885cef086e86a996b7511d69e2a9a59a26b8e82c2e4361f09efccf590

    SHA512

    47c64c04029c6da6cbe8f17993bf336c763f43e5e01e0f370de6bd93322376112093f7c7d6f9ea42e42712c49f0e8cd331d944c0b5486de10246eb5ac631b594

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
    Filesize

    119KB

    MD5

    0f7e268ff11c2243690c207801216fcd

    SHA1

    ce21b364e8a92411c3e521f223775a32a9c0a3df

    SHA256

    a76c4533037b391c0f715d619db3c6b5d74a2801ba854c8e62350f76430db796

    SHA512

    2c71ef2c0fbc27236df101e16f68057f5e9ecdeb6a58184cb045b8be6ff84cd79e272f33f9a6d1f5e154ac1f231e9b31910be58667ecf00314c0ca717a2c71f3

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\SView\dwmsys.exe
    Filesize

    75KB

    MD5

    7cc3efe6a9b3b823277ef238cf18c973

    SHA1

    6726a1a77b5e8e8aa182e8b36560e2f6a29216f4

    SHA256

    bc4fc25cb87141275519859d288273396c8c30b1a520fa81892707473b3c1d86

    SHA512

    710c25ce18874b7d09c73aad063304bbf5bd16cf1f6b5d3894a47e410951c7b7e4c7a45b91ecbc8e29ad5514702062da43f9218ca3ff2b5e0f78c4214825200d

    Download Submit