Overview

overview

7

Static

static

1

2024-05-22...ia.exe

windows7-x64

7

2024-05-22...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_4891867495f58f015e87efec62a18452_mafia.exe

  • Size

    4.8MB

  • MD5

    4891867495f58f015e87efec62a18452

  • SHA1

    97910be8d968008b8ccde2c77bbfb097688ecbe3

  • SHA256

    079443127bd95c4a0c5f597de811f398b5292e4ac6ae85ffbfdef9e209332624

  • SHA512

    0b65658acb30cd18cb6998cf6a30b38f00f4e2f66f066f4a513dfe50c28da4f67eb860ae3ab7275264f8ec93be47e64a854973c972d161bc5a8fba88f460ab82

  • SSDEEP

    98304:QeVs+uvt0+sKdEl1uKO8GV0zLULIJq0do/puWRtyv6gGJCgPDwECE4iVyxx4hFrK:LW+uvtXdhg0htU6xiE4iVqmGIk

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_4891867495f58f015e87efec62a18452_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_4891867495f58f015e87efec62a18452_mafia.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.stardock.com/products/windowfx
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6c9cc2762c4a410439c6382b1f04035

    SHA1

    7d2e65cd8f28d31da18a411a1399e61de295cc87

    SHA256

    c757e9f8d8ebfdd7a99f0dceebf419703e8ab245c0dc8d4d405d0bd4f82beb99

    SHA512

    db271d9444aa744c03f8f91561f3b0733991dd9ed38751e9d624bdaa9ffc91e1e4b0de9e99556f3e91d684d71a6063de3422cbd0d46e25d8d8f792f5a0eacf64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2c1d068f0efe9dac65d5b03ca1cc4cf

    SHA1

    f1dcdc38f7e3046b6b55283f8b6824b83d820b8b

    SHA256

    6d0a2c42f24a51f35f3436be7a9209f5e6caec8223aea9e14f7c00a143c6212a

    SHA512

    1015ed60d7c8e201195d206449b5f76aefcc6cc9f4b5cdb2ef984cfd698a8a8f8b95b29396dd7bdeb5669697b8ecaa66f028535e5d43856115fba91f15dfdfc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7bb7b247c99cce115c15a239cd513bd6

    SHA1

    f307d3e767431d837afe28e97dccd6f7e82d734f

    SHA256

    4d6c855fcf9a303efb776bf85c42e61a532036ee1fd8df3a3e2348a68ebe5ab8

    SHA512

    98d0d4754e134df0b19de8b5d0f291f87c26285ec609cc7bce92980727b9a7602366d513ab1cbf3d9416b2a966b60c9f12bf9c08470ce9a2983e590fccc092b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63ef90d58099bed6843c78dfbe2aaad8

    SHA1

    065530aa681f0c77731c8300e6d49bd2c82b80a1

    SHA256

    611e7f771714d2bdd01593ae2154026a49f0a056dfde2f8ab509c6f86ddc8f4a

    SHA512

    a9663d6d36f5ad1627638f60d22ccad0de60a206dc6ad7035693d44d2d9c9cff399a01e5167a83d5f73135437731a9498356005eff4bd71159884c5700d8131d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43e48211906c806e3c410bafbaa74465

    SHA1

    c76adbd82542b843dc3e1d1b9584807bafe95ba7

    SHA256

    f5633989210dd41b3073c3226199081e4b585bf6a8c1974cf8117e3ef6162bdf

    SHA512

    38a66a771d0c0d034fd3e506df0365faef8f33929226f7bd1bf31f41f8ebbdca45af599d79f66295a565aa9c690247902cfaf379082c3bebb03cb99c40f670c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c5ca76153da19cdd64f6fa3128ae4f0d

    SHA1

    cbcc307939afe1c70259d891dd8d0ed18b0e4927

    SHA256

    74aca5f23f2fc665470635ad630b3ff8b07e97b73e64cd81480a4d18751b754c

    SHA512

    62728732e246f87b1a38603ff00d80a31753754a9f4ed48493ee19f5c1d455a39bdd3a85da5c0ad38244676903be1430cdb90f7f57009a70c0ca3d95bc934675

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3e64dab60a63b074484482709cd86f3

    SHA1

    41da5d8686c9f0c8b737ba8be18e51959da7095e

    SHA256

    375c4d7c3aa4c467c8a4d56c3829f0ee92e87b0436371279739e2e6c553e2044

    SHA512

    97b77f48cfdb0d815e846b1a722e4dfc4dbee93a69588167da9e7ca7feb7de6c3ccb8f88085f9698a35433b84719ddffb0d1603ccd4bec04987d03ea0a9c97c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d71cd7d4ade1cc0415303aa520504b78

    SHA1

    7b49319f07bc4b922d0ce877501e200daf4e08c3

    SHA256

    3b6e48d48cfec49dea77ed2b939e7014731769f01beba61805ffd065ab289756

    SHA512

    4bcb86f9ded81f88ae17acac676a3c0e53ed752d0530223ea93c78acb07eafeb1e540177bdb98355fea3ff06af8b8bee416e33b68d12e614710410bdd1f5713b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b371fa6e5c4798cb89b0a48c2738d28

    SHA1

    d7f9c032e295d52705255804303a87e49a4ece78

    SHA256

    32278f4126b7b73c1e99f08d958a310a9b5919c641f0e2ec604824238f9c61a6

    SHA512

    9702faac51af7346827adfc6ca3cefdf78192ed81f39ad3d6fb4cf93511391a0631a3ef6a6158a3be6e88a7c137912f4f1b7b7bd5130dbb8b1c8afbca38c8602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12651c4000990decee6ff97d427245ac

    SHA1

    34b367667aed786d87c56ac7344dbbd29e5417c9

    SHA256

    b237054b5e45987473dc9352d7d2e6e241e7127bd9e50325ad3e8406c0962639

    SHA512

    fe0ec9b8f7788bc8b01ae82ff7a50e0d68caaf7dabd269baa2668d5ecb6b2e5835db41c4e8d5f81dc4909b370d7c9ed64b6e990e157450d14f72049b5d77d917

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8630a6ebd0bc855a1d1f4870bb5b9ee7

    SHA1

    2f9ab641bb87fad91d0d3d1530a918895978c251

    SHA256

    c83ee93c34d94fbfcb167138ad0381ca67944169dd06ea76363f93be4774a73d

    SHA512

    19c3f05a7015fe38d5b494bffd1e8a3b34a11328570404651f5fcebe1fab92a2931ace3cdba0f6b011f1d53d8d3ca098c22dd9264e950574dfbcc701b6452bea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a5561f43564eb1d75d920cdb8425936

    SHA1

    86e73a917c0f1f63b12285d5e427a2c027ef9995

    SHA256

    0195877f1089950fa69cab81d90adf90afd33ca77f185e0f716393b5bca2b2d7

    SHA512

    22f9e1777817d86aad57ae39fe11403290b1dbf5a4d95a7d6d4ce33aaa969413de1a39d48ded8d21f323bab3429d229bd138c96d7bd67f868654a28a70dd31ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0c789e5e32034b376283ac4e2ca6323

    SHA1

    c5a8026ea5834f3564348710596b7f7f0cc8470b

    SHA256

    d21c6e517e1675f145b5289a5b7caf375bd4a0e4b5c70caffdc1afcdc5e605bb

    SHA512

    7445787b4a27d2b20c3f9c60eaa4911c5d4a77d7760f2394c14b7e097bd20e05f93abd76d4a972f50a7ecdf9fb5eb3884cd9295a865cced45893be54461f0fc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e932ce5c9f4b6b956c2772a21e2b5c5

    SHA1

    9010dc25f202e05e69e4321b9ca5b955f074001d

    SHA256

    6a01db6efac053b4557475a5e39def73ed69220a57a0744faca2bce63f0e9193

    SHA512

    0bf5501688142f75eae3d4372d029b20eea50c6c0bba2ec548ed5fceae628bf24a0f5ce7777bccdf832473376ca78e15aa46d7d25c2ecb751db3dba0e97829f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc13c5674d8b30a14ebd7e6691dd61ec

    SHA1

    f453958aec501015fe29129996c17af5f880055b

    SHA256

    1cd482e6fb724ffc268ffda4999b9563ed3fcde7e07221e2da3f71841efd8236

    SHA512

    d779cc9832dd773c2e2602e48792c2b97cb54b06f063e84b9e4f98dea2d330c257da0fc28725524fb2b5a8c6ca5352eee76127bd679de5a6bd29ea0c9a3dfd67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53d0110663bdbee7950ab36451931c72

    SHA1

    cbb309e1fb86c299402e642c56df55cf3792f7ff

    SHA256

    5fa46121e65d875aaaceb500ca839662f57f1266b68d987030578c9a5f75b103

    SHA512

    3832742765babc99a8a33cb05871233b8b799329bf6036acb08b11f8b3897c53860de77ba7260c901cafb39488d738da7d855737770ce6ef9af7f5cc425d8a5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd228995facb656d682976c1402af398

    SHA1

    bd78b6ed5273922f61fd2d827b836b8a5c28f270

    SHA256

    5cadeb24904059e889727c63872dcd80c1e701d3b04683dd3262052a62e78ab7

    SHA512

    0161cf01250e183343358a3fba213073bad8a50ef75a4d78e629ca732fa7b8817afec4f7a58f048bddea0cde2366840dc83324b93191f9107279ec756300a5f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4efa867f0858a90c742aa2aaa5026209

    SHA1

    59900e22fe46b76c282dad13ac3b25fe6703bbb8

    SHA256

    3ead65b84f5c548ae1dd569658a688b62aeb90e51b78f34cdcbaedf32464c3d8

    SHA512

    644d5e5fda5ae5685f4808a34c3fd09913c2485147191d3f47220caab649db6565ad484deca4f7ba7f95016e087c8b948832b3a8a58a1401459ec4a202cdca3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAE31.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit