Analysis
max time kernel: 139s
max time network: 102s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 03:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
Resource
win7-20240508-en
windows7-x64
6 signatures
150 seconds
General
Target: 2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
Size: 2.2MB
MD5: 933770fb3e5e9762d7cfef6781436f5c
SHA1: 4828659dbd888b5e4ea299ae0ad404e25fd1b6e3
SHA256: a7b57cf2ce4a94e57569333a4deccefa91ee744490be6b87191e768b65816c4f
SHA512: 8abf1ebbdd13b1cec324ed55c1db930dd2318cea1677e85d3f30c4d16f3ca74c9789f2da59def03c66f46fd6fd7ca12bafaa696141d8dc418b3a875c23948785
SSDEEP: 49152:C/I3Cf9S251VfogxifwOd5gDFmiirf908vu3AjmZI5GwCz8ETGP3yFLCsabSTl0D:GIZ2LV1ifwOdeFmisf908vu3AjmZIFXX
Malware Config
Signatures
- Mark of the Web detected: This indicates that the page was originally saved or cloned. (1 IoC)
  Processes:
  flow  ioc
  3     https://launcher-rappelz.play2bit.com/launcher/us/
- Program crash (1 IoC)
  Processes:
  pid   pid_target  process       target process
  2728  4736        WerFault.exe  2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  Processes:
  pid   process
  4736  2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
  4736  2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
  4736  2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
  4736  2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
  4736  2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe"
  Suspicious use of SetWindowsHookEx
  PID: 4736
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 2440
    Program crash
    PID: 2728
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4736 -ip 4736
  PID: 1040