98d180c775920c29b1d2ade772c574ff68a099e98cbb79cf6840e9cb635b7dd8

Analysis

max time kernel
137s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 06:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-24_58421940e21eb4fdbcc0c8411085364d_mafia.exe
Size

2.1MB
MD5

58421940e21eb4fdbcc0c8411085364d
SHA1

b5bbc78af243b4d7710781abbe2fc89b9aa16df6
SHA256

98d180c775920c29b1d2ade772c574ff68a099e98cbb79cf6840e9cb635b7dd8
SHA512

6cef45ae9755859e775cf8e7ef69c70ec742e713913727d739857a530bb463a6883f9e7a70785c255e12f430e401fc86ad2b7156b10a221aec7bad2a544b382f
SSDEEP

49152:eHWctcqT6Okm7k0ok4l7lTtBT5p/4qtFCALW:sJukUvTpQqfL

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2020	1076	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-07-24_58421940e21eb4fdbcc0c8411085364d_mafia.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3044	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1076	2024-07-24_58421940e21eb4fdbcc0c8411085364d_mafia.exe
1076	2024-07-24_58421940e21eb4fdbcc0c8411085364d_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-07-24_58421940e21eb4fdbcc0c8411085364d_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-24_58421940e21eb4fdbcc0c8411085364d_mafia.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 18408
  2⤵
  - Program crash
  PID:2020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1076 -ip 1076
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
4KB

MD5
7e31191b54147587059db7571d7e1b79

SHA1
da5364253a48b5d50c4e6f8d5ebc1c62472b195a

SHA256
267e4841d3f7d08236d2f27debd6b731d3d46c7a1fc2daf0ba8bd41dbbda4cf1

SHA512
c142445352e22f4dd15aff918abe00e898d03dd7caa94abe4c7d559877ba467045f58ab9480350e46cb0aed77f3b6d41b708339173803760f634905e53f0cd8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
4KB

MD5
e453be186399076629d4fef9b16978c5

SHA1
8a0371eb0587eca31b9b0eaebf37535e12a4eb28

SHA256
a50bfc72bceecf2d3cf7fc5211fd788c3d76e7d2698216c6c735ef353798a61d

SHA512
05bd01d0465d76694ea807b118d9f19c5cefeed35beeeee1073f7321293175e74d8cbf394866862625e2959146e37022bff9ff61460c904b0773a4e3743a6ed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
351B

MD5
15f463380db4571e2d5772b34eecda61

SHA1
0851890f2cba1c43d2532d9f9c04ee3862bdc3ff

SHA256
4a6d15f81f12fcbb941e8e2a7840e19a1ca6685df099809118f51a2301680b5f

SHA512
eb6be195e3411b6be7ed664f8fcc0cc99782347eb8234fcc176bdc288984fc6b0fdb7b256c98c7ad137c2a1e2a511228402a8aac79ad739556fba39fa2465082

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
667B

MD5
34263fffbcd63c213441302e905c698e

SHA1
88d23176de5259091881dcdc5baaf9508141fe75

SHA256
494e7a495fa3316525c7f21838f55cbcb0c006df297f3d4cf6712ef99e79b286

SHA512
2285d4fa55ba126c0f52df1e1528c170c57f16c2624a031f09f7539d57cdc1174e79019f955f6cf217da15b03da528318ab18b1c9bad71f0cedda64f1084a258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
120B

MD5
99551861335b1db4631cc9403033f52c

SHA1
67ef8ba747bf2e3eb36bfea0a3e66dd50d4cb930

SHA256
0d00c742de7fa6e2448c6fc2e76a2669f2a8173931ec571b589fd4e749963d40

SHA512
de158df59f29622adfe997147570c213616f5a7d7332a3df19fd07cf73bf28fc7b995a38733db7c755c6fa198fc29fed496c874e7ffc9fb537800f0d6049dfc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
1KB

MD5
2a0207738ed2508ddbe8cccfa63ae60a

SHA1
c536c723904da9c6d427187abcd674eae125518a

SHA256
d41903655f7c4827ed7ec50852a53799d6595e99fe2a0aa132ae992707bbe246

SHA512
91b54a7c2eae9ebb34cc6f52ce6629f0de80f5a4f479527a939a2970db322224f1f3cd22ad999d570bbfaf61d4c3ff2fc1b03de84846df6ca195122916ac8648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.txt

Filesize
3KB

MD5
69ed6d4145c562e48364e2df4863b1cd

SHA1
0dafb6b3e641ce5e79026327875b009fb92911a1

SHA256
ecea8c50d148b665e89efe2e1d578cfc4d558162cd1f61cc95468a83d6103713

SHA512
9dea269d31471f0df7b8390d00590f76be0212381afc36bd1b47994e3155f637547970fdfc326ec56bc3e97985804effab17b7828f59e6c57efd932f1b4e630c

Download Submit