Analysis
-
max time kernel
145s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
02/09/2024, 03:23
General
-
Target
2024-09-02_0b3284e46874d7535223d2cb972afa4d_mafia_stonedrill.exe
-
Size
404KB
-
MD5
0b3284e46874d7535223d2cb972afa4d
-
SHA1
c26e3090aa7954e27912c7446d303b1489e60116
-
SHA256
198e86e7c949072afeb963832ea396a5e21e52dad479ca84ed39ce03c8d63256
-
SHA512
59d91721c7e17673f3dd14424671153ff8e1aee93baf6fbba536e27279831cc3f5282fc9c33e24f646a448801fcb5f4d10f66b709e072d48a4abc6c5d8029bfa
-
SSDEEP
12288:NqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9ss2/4P:NqYDF9k64/Q9j28okAHDHY25fC2WF9sU
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 39 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-09-02_0b3284e46874d7535223d2cb972afa4d_mafia_stonedrill.exe"C:\Users\Admin\AppData\Local\Temp\2024-09-02_0b3284e46874d7535223d2cb972afa4d_mafia_stonedrill.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"4⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\2024-09-02_0b3284e46874d7535223d2cb972afa4d_mafia_stonedrill.exe" "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD58e1b8b53403b6de17202d0ce927505ba
SHA1554bffa62f37c9b98cb165930a58fe73301b184a
SHA256b4ae37705c6d0922c5550f3524a6f98996d2fe5bf1d33b2801a502a26adb0c6d
SHA5125573ee66106de4d6bebd008ac8efb145d93296c85f106a7366c219d2d5360d4d8c2b63760b01bebe10ccea5fac3f0a4399a13017e9d9dabd7a2d8a87845e73fb
-
Filesize
342B
MD52c7a26ef11b1355ccdebfbea6badcb37
SHA1cb9fba782726cdcb6c635559c864e2ae45615330
SHA2564352be189b911aea35cd5730c7cdd0e836ffad39e202f38acd9d1f19bb0f1143
SHA51216631e86a4537636ab90c9f99d55008d280a72ecaf7b93f8f553df3d4d2292d4a7888423f4ff02a084a42b13ab1e44c54e8eae9731d00b57fe396b9dfeda12e9
-
Filesize
342B
MD51d088eabefec517c6039e81ba05bb037
SHA16edfdc8adf7d15d3bd0bb903269de69b3c67216b
SHA2564ca20104aabbc3b7c11005d1c900d29f1cab7dec5d362ce758b03156e7b215cb
SHA5123ec7cb0bbfb944fac39b90428d92c09d488e1c8a9d7f81bf7943f3cd7e399dcc1adf1eceb7abc77f21b731a4f7ea2bbde837b8565850c4b51bcc6953f24bdd21
-
Filesize
342B
MD5a91394cd46db9441d497f5a8e2c236f8
SHA1d1c247e3f8d86ac020e1bfd26233bdcb04672dc1
SHA2562aec6df1bbbf377e0b0eb074d7ecdfc43998795d430a824a8436eadab8d4fc1a
SHA5121b2dbe0004861dd564434548edd1828d97354a04b903b378283dc10d3aff02c42a6ae8bbc458e43a575da6f25badd210770ebffd15f42e83ec288e948496c0ce
-
Filesize
342B
MD58b34156dd36fa1b0fd5e91b165a9a722
SHA1982d710626b023d847df30a95894eb1960a88b09
SHA256a0ef15be79087b90c397738f0c1eccc2406f2d910d3e4e7b264b40d50161b074
SHA512c07731ed3fffbce9ae52b500d9bf3690a3b0eff3f8544bf6492fa9f8a4a23e7665921392917a301cf07160ceaf4325f94e41774de7385994ed2a96ce476acc6d
-
Filesize
342B
MD57a9720d4b833ca406c2c46124ca52aa1
SHA16903dbb4867fb3050147e7ccb48a9a9c735455bf
SHA2561d7afc848ecaf5cae59aee9ff099696e1379faf37e410ff669247e40ed12e28f
SHA51255b4be577241722a7c0316b6339acba92ac6fd343c3e065e89235dad3c0720622f4fe743d7f40659b83934e61641c9eb287d8994d7e66e9a567601e4879a42c9
-
Filesize
342B
MD5b70181a71a4d4742648c1ed53871ce49
SHA1cce8bbee17420b8b247b5b3b9f8de61ef9a502a9
SHA256c9c922835cda355b063d32ba27677eaeb4d1cd27ff56625497718dc534ad0d31
SHA512a9786944bf7d739f1649787e57b1627186bc0c2984844ded4a7d810b667f07664f564f68b4d11c71c42e16db5b252042b5c83dd2248eec965034e20caadc8316
-
Filesize
342B
MD570d81be17c4ce3023c9e0f350d48e809
SHA101cd0ee5267615c675e44d19b5f2b9c5f31b1ca6
SHA256db43d329e6d7dccc61315480197b870138550df8fb8d07c9e2428a12de97f359
SHA512c88b15b04e0180a81a29e1a81e114b9f37c7da384e731a4133badf60266638a3f8f32f856b140f273b5cccb6c227224410ccdeded1b479640abec7c08acc204e
-
Filesize
342B
MD52d7d23b77c39393ee1c1526bb24fe11c
SHA163b3fbf33d337de23b6f378ec5b92fcb1ca64e2c
SHA2562d65483d50f29b68edef34ec5313d758009812c23b70bdc4f587556656ce945d
SHA5124228effff8bc7e8ce8c5c0c3d54213ee75bafd1e8936400010ea8a25bc9ccf5862e772a19f20a52f178b8d2774db0b60638543e201bd07e5944f7eaf684f7962
-
Filesize
342B
MD566a71744f6a05ad8a29565b722a344b9
SHA1af845c073cee2ff8bef7c4f1fbe6a08146b0fd33
SHA256c1dbd76db143fa545fa15983b07c890260f2fbfb424d0445370fa22244ef979b
SHA51207667d7fbd004cedbae634210fb0aeae16f36d8d7fac14521d6eb2e2a1f8f283ac59c4ac6b9da7fbdb67a1c25448fd616dd43756c62c3614f3eabc7780f88e01
-
Filesize
342B
MD5097ed5d76e38adc41bc518eec3d82209
SHA1c7e20a381d8c8f94a6cf6f782138f4ae92c6a683
SHA2564847cd3b9b5c319fe322679894bc09521144b656495a595a50043b38ca732702
SHA5129f84c446a2b51c6122da2f9612e1287b652a808880a4bca10a8a5dfa8b04338c5b647d8be2b63547edb4896d5e856fcd6a4a8d19e6ce6dd8bc7bd381f32c99fc
-
Filesize
342B
MD5434ad24abfe168ec032cdd0b3f1c6879
SHA11cda14bfa4195a36ac6d066185d5d9bc933e8989
SHA256355c00fe3e38229f3dbc476a55cbc42f8fdd7dcf76c5b58efbab599458fc5fba
SHA5126e2fda60d5bd2190a611f39ab1227cff285eba16489b86ca143c673d4e11bd1d2cf0add1d27c57f97cecb83497074e05f9dd7459bc6edd407280e600846af5fc
-
Filesize
342B
MD54a1ad187f95c7f1bff832757c3713f4b
SHA12e58182a9ab8f218b2f672240a8fac6c969795d1
SHA2569e8ae7ead81d72771b55541931e4675646a82ac6b4647eb3273080e530b882b8
SHA512806506cdd359c66e1ce31b75b3f15ec887af11aac13b1274bffc37ef23321f0f9ef35c0142b83984383658dabbaf5f41f6505271e70ba0bbe130fec52fac68f4
-
Filesize
342B
MD5d6da458c8ee51d7564015a9e896d1330
SHA183f2a5b71298bd738845f251bf4577cb6d044213
SHA2562b1f1cf60ed31e434294e6d8c2a31d5ef7fa196545480027793afa65d19b34e1
SHA512d8a64974274be1bbf339476cb8562f0a2f8f5de3208de9010a1667e21611ee369f6afd1067b556feb9211bd919c7cd11c401c69197d2b19862b962b6252f765a
-
Filesize
342B
MD59fb2f2dca095cd3b9f199308ee77dfc4
SHA1112e7614948d08647b993272736c06ff1c0edcd8
SHA2566f9c185b950afbf34dfaafddfc5d45151b8c245def39507e1b7f178f5abf6e22
SHA512653970f1d106deacbbc5cbccfb18888829fc0121997d0d0abe2d14fb8d14e3bb7f3c4102fb746f88c8320ddb002165f4d98064700d4b2c61b38dba46b5f944fd
-
Filesize
342B
MD5b9c6869a5cd56084951174f1f28e8e9e
SHA1cb0a88329982834edca6555158f28f7d2657ed3b
SHA256a667f66e3a1cca06b7a7a461e766591e205a13031bd2b6b09f0012aa5468a17d
SHA5129891c76e0ec0e0dc5e53e2873b755aa89685956bb61132c5221d596421753afecb66c3fd3309a9d44f9ee98d32976733431e1fef1c06b3e3d6f4ddf445fea778
-
Filesize
342B
MD5927ee54e16b3b9c821093de0f7ae7c2d
SHA15b345de32de9c2796539d120ecbb09d1f1a7e919
SHA256689215e19ee886d8d3cb05b937d7ea11b7fe7fd66725fb96035186e2870af0a2
SHA512f8f1da1fdec966ab7371be16a3186413501aa27c8ae0215668195719f79045b0baea515837d465aa295760fd8497eef8529933c28b1a009c9aa257f635fe51db
-
Filesize
342B
MD5b856b915ef9f89ca4473bbd1e92d767a
SHA168589c68f7b065fd902e957520833e4a79be6504
SHA2567b7dbb46d4fd4b2851e37f7e4e85443a98156af1f65a0168c109088bdf3cdaad
SHA512a22746a57255a9d73e54e71d51cfb622b4c5b1b48f8aedeb67cc1739a7a36c0aa4370f7fefc81e2767a66fec6c4803ac256c720cdcf98bca1948e55c69de0649
-
Filesize
342B
MD59090ed8965dd0198e26f0dedb4dbfdca
SHA151995615b1755192e845a8055eeb1b4551fb646e
SHA2562025fc8e870fbd338c7ce9e2bf5f1c68379cbf536c15a816660c20428b3377c7
SHA512883c636cd3c9d3c79f1e6a2267c104be09038588de0817f65280a173b9b0bdc95c41d43ace6c997a2b9ff9c5e0d6f4c61bd6e16b174825103d05e4e68f2095d6
-
Filesize
342B
MD59fba33d37586600078fd801b2bc012cd
SHA148d25971a49da465b3c10f658bfdd1d68755a442
SHA256609a0be93300a7aff88c6c9704448e87ed1829bcc420fbd28e0cdb0bf5240a38
SHA512f9f1c9076c882f0aa837f26b05ad991b29ca31461c5c537fe621502b428bfc155ea6743d767e3f440bf3f09744deba48528e9832b77a94a4c1c3e8213ee30a14
-
Filesize
342B
MD534f3a327446a9db082aa17339d101054
SHA1ee9f1cbb7e1adc6d38faf739c1f4434c148c1fc1
SHA256eac090f1dff7310e06d59fca4a59a93a970a6c7c37183aa7a974b2a0814b7c7f
SHA51264e0f6ab98216b1136ae0149ab1e2d5f661a7fe8dece173126e4f6c8f0a63dffb821db3886ccb7d5142fad076df55440ebc041c8005ef14a302ea3b56e3ceb45
-
Filesize
342B
MD5c6b3e214b07bb1fc9b0de019a3a642b2
SHA12a6da9edf6cb152b50b3f5ccb67b63251bd06196
SHA2560cb82e1a31e2cb2fc6a866bb87abefcd12f59bc100ba745ffa74a3d72a8c2503
SHA512a19d60532852142cdd67f68a1f5b367c06b51e3803aa0a9f4fd5a27a2f7da284e20c8a1952aa8adeda741d8d469faa089ad97ec345df3edff121394dbb556b4f
-
Filesize
342B
MD5d7a533b64431253d5ab6e3891cc0a8fe
SHA1e2a25594e85b601be9c41365d0b55199d94e1290
SHA2567483c08eebce5af5d4665a2476d7ea8bcbcb2bab8fe1cfccede677834629fda9
SHA51213208954253a546c838fd61abb0e64c905dec64f398804be2837387ce0d4e599adc17924765520fdecf7fc305191fb30839467684f900200ba9c87bb8ac31e23
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
404KB
MD50b3284e46874d7535223d2cb972afa4d
SHA1c26e3090aa7954e27912c7446d303b1489e60116
SHA256198e86e7c949072afeb963832ea396a5e21e52dad479ca84ed39ce03c8d63256
SHA51259d91721c7e17673f3dd14424671153ff8e1aee93baf6fbba536e27279831cc3f5282fc9c33e24f646a448801fcb5f4d10f66b709e072d48a4abc6c5d8029bfa
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
47B
MD572a392628d7f368bb9bc9689a694f55a
SHA1feacee9c66028a333446f2c968bcb3d567a4033d
SHA256afa60141aee93d7e3f3d8d296e36de9956f588a6cad99f8e79ce36ab88e828dd
SHA51276f40be7d3e0de960c7bc199fd094c64588841e5b6a1b99bd7fd2e3b53f9e381ded992ee6d67848dd4fda755416792ff6e29bf0acf1a348796dcf7e9bf96229e
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
440KB