Analysis
-
max time kernel
144s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03/10/2024, 07:46
General
-
Target
2024-10-03_96b12aefc7c2376dd6d1194a600d0323_mafia_stonedrill.exe
-
Size
387KB
-
MD5
96b12aefc7c2376dd6d1194a600d0323
-
SHA1
191ead2c228c4b75817a39601532bde648786748
-
SHA256
5ee79e4c6e89e7921a4d61c0c51fce1bda4d9be8d3f43546a9c4232d411a638b
-
SHA512
51ba3585b2e440e5eac431d24e8546f92006edd8cd1f270aadb2e1286b7b39e03254c17ffc164fdcd46b7cd26c057e2698264b7eb3c43f210a40c6f0ee19d045
-
SSDEEP
12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s5204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sS
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 39 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-03_96b12aefc7c2376dd6d1194a600d0323_mafia_stonedrill.exe"C:\Users\Admin\AppData\Local\Temp\2024-10-03_96b12aefc7c2376dd6d1194a600d0323_mafia_stonedrill.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"4⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\2024-10-03_96b12aefc7c2376dd6d1194a600d0323_mafia_stonedrill.exe" "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5b81b5fd42f42bb30393a4d5b786d498f
SHA1c99cefef58e5fc01a8df22675ab467149819bd8a
SHA2569d5498b5f635f3db1d30655c8a84aa9feabc59cc54262467ae63c5d0e37ba481
SHA5129da26fadc7d85290628240af969f617f02afe2c07fca7c634c0073aafa48d8c90bf78df1f5775a0d6f37a930a1f28acf8db5c150a8b522bb43ae7373aee06121
-
Filesize
342B
MD5bac0531e625456006cc8bf69946bbeb9
SHA1f011269303f1e2e1f591854641b6fa6baa282d1d
SHA25678bd17b6d5edcc32987d8a1a0ce0ebbae906b797fe67f6fc1b52289d48421047
SHA512b1a289b1d958f0bbd5884685380d404fba91c102fa15dcbed4e6c880b50206923dac8dfeaead521742d6b538effc828bb67542a656b2b19bdf4d69e35729c11f
-
Filesize
342B
MD5bad48b1de4ddc3bf1d7d0a528e9899db
SHA1d5c01ac44d00c4c955c1919a0fb960c2988446c6
SHA25693b26c73d85c2c3f2f711ffd02b103913ad3e46718688b1ba5b7daf6e87bf3a6
SHA512036b3a583b536975666b49f8a5aca5a218783d8133808e155c05c1d01663ea990b050106fa96d56ec658433bfea389b2bf1b791326399d93078610a44669aded
-
Filesize
342B
MD53ab806f423ebfe1de82bcaf14fc1a8a7
SHA1997ea526e8d5d332b372318e83361c3fe370d1a1
SHA2567ab15c44bc3d997944b61c0b66520d0dc47374720c7f8bb2e3f69d35434c42e0
SHA51289339c9a2a1d27841c6149729fcc315fefa9c86bd27b3225d6693f8218776a20eab2c3e430a6a2faf7c1ad2ce1870607a2e5ee21d42a4cf8cd6f6d28cc0f857f
-
Filesize
342B
MD5060016d3bb058369915af51a46f232f1
SHA1defa9be2632dd9a9cc83206237b21f0d127dc8a2
SHA2564d3e977fc3f294a71a19a8fb40390b8079dbd6847a62c661986a902ea7836574
SHA51271c4dccd70e240624f016e04fc1cea4d56aaf1355a09e659a65a891877fe7c135d9fb813a1ad342d53d8122a88af275653c66a0c61d7c3c3f0ec58f8b4001f57
-
Filesize
342B
MD5c242e7d56fafe10a28d3df6d8171ec74
SHA1c0e2fb13f03a893f25571a000afb88038f5b3a4b
SHA256b03dfd7264409da18c9d0b1c031514913533cbe19bc06e018261bb19f9b14695
SHA5127334678afe3f39a1c58b798a125a47a52463e7c9aa8b34e158da482ce3f330edc938be7e48b32ea97f14e48a66db379a2476fd3abf0457ece93606ef3a3868d7
-
Filesize
342B
MD5a5651892c8845621e7e5ff59702b3c60
SHA103a77f19c86b8800d0a8b53ee7de624a462eab02
SHA256d56d4e20f15e1040f2b583b24e7fd0bd63acae790fbee0b8fc460b7fb31f4be1
SHA51257294215eefb2450c44fa6faaf2774599b34c1eb2c0137abe97c719d2c019dbe52d7aed2b27c69e6dccd48c98719b8ab042d7fad7d1e6bd0d939971d6dc8c859
-
Filesize
342B
MD5172c861eb33a3c5356b5ccaaff77b9fb
SHA19e38307f1ab56d5d434be2dc4fa2baa1909c6049
SHA25655abfd77dec703276c2980d49423ec43d525ad3e9830a2704df5ea3259dadacb
SHA5121c179a74406cda9bc510f4b680cc70de47e227a0c5ec2e644519d4b8f95049ab7b550835b8c9a540417519b89a00853c591a4f37cc43959aedd89e2bd5550186
-
Filesize
342B
MD509279c69e45cfded8b39270d9922a122
SHA100c2628cae7380118a7c9971a6d8b55c73e04543
SHA256794cda316329d50be6ff2418cdd2c4faaadeeca70c4227db2f6e2f86351569d1
SHA512286e17dc9437f76867ded0875e0e9d84ca45be022be7980a165c8e5ed867f40561f4275911343bb81a9f4eb33a26f09964f9be997e50a94dd3295de5fd597d75
-
Filesize
342B
MD50ed70f09d3cdf4b1f3ca2036df3d02aa
SHA1037bc45d25970fc212b14b8bdabbdcb8a575b6d7
SHA2562b2cdfb3e6f49c6b3623e9c3af1e4023bc65ccc649699313ba493e6ff3812da6
SHA512f7e84539b333a47419803453d151a7eddb8b61517a6dece30476a3aba4bebcfd3506eb06a59f18fcf4bedff7de51a4d72024dbd6f8e975ebf8ca235cb038395c
-
Filesize
342B
MD553409d3407d391cc9c050d3bc1fc0663
SHA11355ffc952ed941fd5ed19a8ae79c546f6af4437
SHA256afb071f6d0d1aae53433866670710c46b0c7386f4cde648370a5c2ab3a61ba78
SHA512e47a46c57a06c538c940c43e567f603850b5c9800dd9c3e132119261fcb4dbeadf18e72ab1148bbc07841d1309dc4d9958287a033c9df1b774ab730c4eb71902
-
Filesize
342B
MD54e3694b47c03819862388730b3d1d159
SHA16d56953f3adc34ee6b52ea1c39a9bd5b8d88c7c0
SHA256519a22ba9d47618f67e7965a28ec2563bdf0540b1ddc505445af268215c65dbc
SHA5129f32900b0cf9179c4d505fc380d62e5f702c46d44c6ad21eb12d2a8681c1232431533353bfb821bf2b3a718c5d45009bfeb4af5df81b16e753840b330d8199f1
-
Filesize
342B
MD5d8b00374d61120475909a900bc19db13
SHA186920e28d9d3031facbda2e14082cf8b913c1ed5
SHA2566438cef2068b593419c727390b2226a76335658d93a41bd1ac4e2070d57128f0
SHA5122528cbe510bae9ee99630d14aabc1b16e113ac9b83126d3a79d4bad7ce0c61ad2bc2354c3a4d1d51423c396b1ee2f3e6521afad435e73e72015954a2577d1617
-
Filesize
342B
MD5f6f3ea30e819de500e98e9aa5f28c572
SHA13806a013789f808355b1bf2e87b9c6b44e04b448
SHA25619280f3b5be2057b090f2bb0f39893ff4c02457f2272528df216d17c4c2cbd8e
SHA512a32d7d334da57396e23bcd3774d8f0ae823de176d1e686f3240a2792a5b1135acfcd85e0004f1b0682f300a7a57001ef1ce909824368ecdd083ddae2aba4efb0
-
Filesize
342B
MD5cd06bc03545d0f6259bd4511ec2a9111
SHA174c8e538dbcb9f15a5213c48c25865f70482058b
SHA256922f5bd1d2a4b326f84382b7e2c668ffc649ee8b9c9c405ea6beebe36d9ffee1
SHA51231da487421f5e5df4abe25717047e5f0ff1e2bb5d9d4417f715bc4e54ac8b8a880d4a5a8d629736002b7607a46e91ff0d7e6c4e2e0e5f38bd63620b8d1115a8f
-
Filesize
342B
MD5660ff88a781ed26001a267f6e995285f
SHA1dd3b93e66349f32c57fed138314b36e12e79025f
SHA2567a549f8c13f3c97c72c0b05772a2a6ed6a9ddfb4ba844f382ca8568231bec9e6
SHA512aa1c7d833dde924e9347274fc52d4344cc5d76b783165dd12c52bd21bfb8cca72457836a330cb98dd19577bcfeb2c193f90db5700b9f26bbdd5658a6e2c510e0
-
Filesize
342B
MD5062af2fe938a8af9f7d36ef4b12d829a
SHA182170959007b6eb64e3f23e8a238a0b91f417159
SHA2564e0c844f8b0afe12903470874b4548dde46482051df3548d390122d7336ec144
SHA512a87805f0776ec748d687900d29ab9e99d50f2164a5f5a682fb2d7d448632c11c8d1389cdace58f123dc0fe3a3664dad5da8b39289dbb339e2d7a21878bb0b216
-
Filesize
342B
MD5c98b4676dcb1d59fb15e5a9f5db297ef
SHA1173c1fec6bc025e7d5e7169e041192dabdedcd38
SHA25665d1c5270476603077c7fb82d37ac652f3c3550d9eeaba3452ded25d9d4cac35
SHA5123b1ca2604b898e0c0f49046a1cdfbeac768168b9207266972a39f04d0fff54d44de5a3c70263caf8b9f05a62824c36b73801f6104277d9f93340b1e60309f50a
-
Filesize
342B
MD50d6f53d24b84fd7f07e379aeec17990a
SHA1ffca1ef1811ce7387f2c8030d259a1cd5d1ecc34
SHA256491e7b3268ed8f0f183b52782c3deaae718ad40c8aefe339150a854f7d73f86a
SHA51208fb8ec95f315f4c454b35ecd1e881758daf6d2d186a49fea743f1dc9b01f8253be1fbca898ba4c3d9988b402d7d1b1391456aa24a2a59295a65b3f2124dbcfa
-
Filesize
342B
MD5fca15806ac4a99d9afcf487943069e7e
SHA13b3065b6558a2986d5060dc771a389fd5dd4baa1
SHA256f8c273c3455c3ffd533c64197fe3c0d10403a172ee7f4c6a8c53b7c21eeb94be
SHA512858482f1f9d176c1744b245fdd4dbfa8e8f821855a2b1ae4b96d8715872d5bdddc8758a38d386775ce8fad6f34fc7d09a663bec44841c60efd851702d70a8905
-
Filesize
342B
MD58496f5e5da864552071ba6733812e8c7
SHA14c4c4620798221a79b3c9dfe194162f3c4e669a0
SHA256016966d8b07068d576ffa6b1d7077ba1e6566a8a128e61d6cd2ad9dad46ed90d
SHA5129421a8e76fba0a43ad42e8f4571685e741a2acd9534e04f6ca4c178f461ffb9223704ae653bb1519d3379adb2ae9bb77d6fa886bef14abce2004ec98804e2506
-
Filesize
342B
MD5a74151842850e8c69df7ad2c47aed429
SHA169108a9a3f0cf387ae3fea880193a4fa7dc57a1e
SHA2562123b8eda58a176cb46074512dedd55e789b7c1cb7dc29d0bae7aede27beacc7
SHA51244a76e74aa9ab37d08f1490237c233216fd8219196d56ce9a6c12df6053c523bc117dfb78d9b17ebe3a2ab5a0ac97812fb41c9e348e61b3a2400b08f8c44aaba
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
387KB
MD596b12aefc7c2376dd6d1194a600d0323
SHA1191ead2c228c4b75817a39601532bde648786748
SHA2565ee79e4c6e89e7921a4d61c0c51fce1bda4d9be8d3f43546a9c4232d411a638b
SHA51251ba3585b2e440e5eac431d24e8546f92006edd8cd1f270aadb2e1286b7b39e03254c17ffc164fdcd46b7cd26c057e2698264b7eb3c43f210a40c6f0ee19d045
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
47B
MD572a392628d7f368bb9bc9689a694f55a
SHA1feacee9c66028a333446f2c968bcb3d567a4033d
SHA256afa60141aee93d7e3f3d8d296e36de9956f588a6cad99f8e79ce36ab88e828dd
SHA51276f40be7d3e0de960c7bc199fd094c64588841e5b6a1b99bd7fd2e3b53f9e381ded992ee6d67848dd4fda755416792ff6e29bf0acf1a348796dcf7e9bf96229e
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
420KB