fc007d0708c44200fe1a255c3be193b5b54f3a03f46348a8f229bac4d9fe6243

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 07:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Size

2.0MB
MD5

4f3b7ceafc2bb3186481addaac525286
SHA1

8de2d2aeb9d37d957c42c4af00a968d4666f4bf7
SHA256

fc007d0708c44200fe1a255c3be193b5b54f3a03f46348a8f229bac4d9fe6243
SHA512

34d090926ba094a5f1ef9c44e12a54857b98d5695ff34ee68277a952fd7cc0958beb5604934016a4f97f4a23c726b9d36c59074d015aaad33df06e7031334931
SSDEEP

49152:OU1V0o0Cku9PPEXO2MWUFCIUqNPEQyjNascyBKAPV1Olj30Z61aZzoqtB:fV0o0CxUXGWUFCHqNPEQyjNa2PCF30Z9

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3008	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
3008	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
3008	2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-10_4f3b7ceafc2bb3186481addaac525286_mafia.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads