784358512ca2bc828e531b0eef7078f23c0c4343a4b0132c7c45bb8e9ff04e3a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe
Size

1003KB
MD5

3f578601bf69dcef3ada278473dd875b
SHA1

459046e601e6fdd6fe663440c51f0eda6318377a
SHA256

784358512ca2bc828e531b0eef7078f23c0c4343a4b0132c7c45bb8e9ff04e3a
SHA512

4d98ca110b1bcd368e6927d27fff5f456e1bddc0fd6f05a110f5d01d749a98a1d5a43cb4c49df84fe775c4201f4fd5baaf6126e8b8bf5c2d600c018b7ca45477
SSDEEP

24576:qCF3zBpmk05EUvYzr/AqR9b+R2gLUddfss1QaH1bIe3K07oJ4cTz+kQeS/:lhzBpmkIEIqRhd0aVbIev7oJ4cTCkQee

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1768	2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1768	2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe
Token: SeDebugPrivilege	1768	2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe
Token: SeDebugPrivilege	1768	2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe
Token: SeDebugPrivilege	1768	2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-15_3f578601bf69dcef3ada278473dd875b_mafia.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads