Analysis
max time kernel: 101s
max time network: 19s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 25/09/2024, 06:46
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
  Resource: win10v2004-20240802-en
General
Target: 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
Size: 18.9MB
MD5: 2d141c2641ffeab2f4fe3f5e530d8ee5
SHA1: f6d7cd830ffca1f55bee386d6a50ce3dc1e8e73b
SHA256: dfaf22637b1cffb47e5113ea69964a388b99a23540945d07f8134ddbf2f703e5
SHA512: 8d008357751a00a2f9615d941ed81aac89cd82540557c3ee86e8ed20f91ba6be0aefce2ba064de6a39e86d7b63d95484e42c7ba3d6c73009e7e30b59dc76f095
SSDEEP: 196608:zv0570MfJEyYz6w0pvOoRZY78UbiIuLQb//MX0ZPzNEPiUkR0r17NicSEC449g:z85a+LdUcEhg
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc                                                          | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid  | Process
  2252 | 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid  | Process
  2252 | 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description             | pid  | Process
  Token: SeDebugPrivilege | 2252 | 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid  | Process
  2252 | 2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-09-25_2d141c2641ffeab2f4fe3f5e530d8ee5_mafia.exe"
   PID: 2252
   Signatures:
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of SetWindowsHookEx