a7b57cf2ce4a94e57569333a4deccefa91ee744490be6b87191e768b65816c4f

Analysis

max time kernel
139s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 03:09

Target

2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
Size

2.2MB
MD5

933770fb3e5e9762d7cfef6781436f5c
SHA1

4828659dbd888b5e4ea299ae0ad404e25fd1b6e3
SHA256

a7b57cf2ce4a94e57569333a4deccefa91ee744490be6b87191e768b65816c4f
SHA512

8abf1ebbdd13b1cec324ed55c1db930dd2318cea1677e85d3f30c4d16f3ca74c9789f2da59def03c66f46fd6fd7ca12bafaa696141d8dc418b3a875c23948785
SSDEEP

49152:C/I3Cf9S251VfogxifwOd5gDFmiirf908vu3AjmZI5GwCz8ETGP3yFLCsabSTl0D:GIZ2LV1ifwOdeFmisf908vu3AjmZIFXX

Score

6^/10

motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

3 https://launcher-rappelz.play2bit.com/launcher/us/
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2728 4736 WerFault.exe 2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe

flow	ioc
3	https://launcher-rappelz.play2bit.com/launcher/us/

pid	pid_target	process	target process
2728	4736	WerFault.exe	2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-19_933770fb3e5e9762d7cfef6781436f5c_mafia.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 2440
2⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4736 -ip 4736
1⤵
PID:1040