Overview

overview

7

Static

static

3

2024-10-12...ll.exe

windows7-x64

7

2024-10-12...ll.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2024 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-12_7fd7e8d15c002d5b78e4b6c0efb17319_mafia_stonedrill.exe

  • Size

    388KB

  • MD5

    7fd7e8d15c002d5b78e4b6c0efb17319

  • SHA1

    c74948b0b72a9a2c4365e3caa9788344a4631b7b

  • SHA256

    56ab59ce5ea456d97d2d9f8eb0fb842ef03ce8c68b6b1296dbbb7a40b074d847

  • SHA512

    ffba0076ec3c18dbaae4cb85bbb267b5d90762d5dc95f0fe153ec1d8725df17a64c36bd04407fcb15a74317e1becd8826b011cd25dfe368e105426d95310c860

  • SSDEEP

    12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s+204:BqYDF9k64/Q9j28okAHDHY25fC2WF9s3

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_7fd7e8d15c002d5b78e4b6c0efb17319_mafia_stonedrill.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_7fd7e8d15c002d5b78e4b6c0efb17319_mafia_stonedrill.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Windows\SysWOW64\reg.exe
          REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
          4⤵
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Modifies registry key
          PID:3020
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\2024-10-12_7fd7e8d15c002d5b78e4b6c0efb17319_mafia_stonedrill.exe" "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2760
    • C:\Users\Admin\AppData\Local\Temp\StikyNote.exe
      "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2a237cd33987ed4f391f349206abaf0

    SHA1

    01c31af9f65f67c7d4fda0222c378be8a7b9b9cc

    SHA256

    bd2e0e74ba0e9c7fe319400a2489cf6300c744ca7c0a1bcb1cea9992d25295b2

    SHA512

    98ac868c79a24278234e877327857bf35ff54f78e2927ea9c47afdd57c2375b3d245f1071ac6703cca8e8dab8768671498cb0cedcf3e4bec1866abc2f4212bf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ae3fce2c3ac68c75197c10b67715a90

    SHA1

    d533dc68820ca7accd01f4493411df2a90c9a272

    SHA256

    7c80982b275f8ef435ef32326c79447f13201ddbe8f03491a63422e62f996667

    SHA512

    16ea0731d8db9271c755922a60c1f75fb94563477ed3896ef1f2ae9adba874f18d9f4daaa87049f12d14681a6bb051b69f9b6b9d66af8a39d5ea40e2ff347131

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bb76c95fa84c728c1cda0782e377815

    SHA1

    e4a11d45cd7aabc088649ffb6795b310b8df3ac1

    SHA256

    50a5586f28dd8a121b966b4e234746b8c4df0a6b02cded46a96ef57623010572

    SHA512

    a2123bbd3a5fd5dbbcfc4f4278a32c6fcc9d4bc875c0ee1f74b524bdfb7e83620edb973313ca10dcf9915c7408f30bb84728d085916dc0a6fb909dfa5cf40846

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13471b7836e1bc238dea7854493af512

    SHA1

    2f5d97cade672d20667426a4a78b6ae3d08c1294

    SHA256

    0d38008e0b00da5bf44b7e06ab68d5f52844b62869545aeee9144650ec09d7e1

    SHA512

    444725702f965e9e79fd841fa1b68dbab683ddb1bd1c72f98819bfade8477e421f180427ed5d9ab0d88f7005f1bd46b0452860313dd70b7c636dfbeb7a4d0118

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd259b39d75b29714d954bd59e306bd5

    SHA1

    29da69b9f0b75a100260c8a3d317795e8cd29d4b

    SHA256

    dc7ec252a9936e6dc6fc233baf208a953c9ea62d1ffc72c7b7cc4e18843e6f12

    SHA512

    8a53a26c9992706b883c4277755a57ca0856414d5ae51190f94dcdfb601c681242df8e953224a68063026d37186d2b30d2bd31f41fd5c2b7b47d66eebba77d66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24980784b31c48db2623051e6bc3f99d

    SHA1

    1d0cd259d8f1ec22aee888bdaa26534c0b05df72

    SHA256

    d8857d57827ac168d21c41af3658b300cc96436e628e5529c70842d21d811bd3

    SHA512

    277c2d9243b9261fbe4ca4cfa8995a31c80de33c7ed77b890e0cb6b62c551e635d5def9daffe9e0b6b306b151d2260c1523d779f740fe02ded9ae5481327b3d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d6d0fce84d2b0fc34bc149f869dc158

    SHA1

    a2e410da5f4bb03d82e59baa1edad9b26cbd49d0

    SHA256

    d2d959413ac2c86e9d7f573b20b84d8ecc25eac515277ad0c5568a0ff73b4326

    SHA512

    7af92eefbff29c0c8af2967d114e6fb2dd5e7bf18d74dca1c92722c66ca70c41ddbba1b11748004e6d861aeee25c9749e9e7ae86e8a881e63b2874cbf450f551

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65cbade863abf2aabf99c004ee57a2e2

    SHA1

    5d301c06af99b29f47b1e92c0bd0b36a35c08957

    SHA256

    dcbe62789e8b02a5415eefa7b6e26eca6e55375643c0d8741d8065bac7e899b4

    SHA512

    ba9fa56ad1a43d69aa56252328f9c9a5ef9e2b06ef6cdad7daf3da12d5d0dabdd3461f0bd762629db3e45cdac070a75d3e9e8658229649787dfd76ca8972a905

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e22f771d20d34189e9ddb0c7330f0b35

    SHA1

    2a1108dc8dbbbe3f334208b8fef36c1dc0a50347

    SHA256

    ec00514d3f8c63404b3a388840336aa3f3da0f1f9738d2a0c358122af741f29d

    SHA512

    b218d746022086794bf8adc1f0d820b8f52d3794ed0268f0ac3b43e9a730f03e8780dc7a163cf4739b3b86f108e584da8fb2d325bca1e0a945b633c172bef189

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe9b1ee58a0800a97078b90ec21cabe1

    SHA1

    8f5e5fd8f627d4a757870c04b61bf37b75de7ac8

    SHA256

    84995e31bb0eb108760a2bb94f1bc04f7e238c63bc6bdc23a8dc8fab822d1224

    SHA512

    ae6033b720325f24d121c864b23f1d4599a3dbeda15c5d9849a0cdd3471e964bcf2e5822a96f990f6322bfe0575755ebfeb291d518991bb0386a9feed000af43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aeef1e89d1769de7cafcad512c28e4e2

    SHA1

    f709ecf408d3c02613f88e385851a80228525a9d

    SHA256

    82adc9a30fb514940316f887419886caba143c1d59aa33767704997181ac0d66

    SHA512

    8330e540b4024d0913ddeb88864f8db305eb1938cb3738aa46b4f793f929a154fce3e3c24ba86ecd25219c6ddabf8b48fbeb7b2f2326f57f20a96181468cb23e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91feb129459d66a3d774e3fe8f5784c8

    SHA1

    76087223e985a6edf61018fb056846510157be28

    SHA256

    b7d537d17215c82c2cbffcbeb474cba1e67488dbd0f959cba1a95b30e2468747

    SHA512

    0768b991610c0b01bc35614441481079d8bbfab5c9be4cf202853758fe7e70ddcf4efd78f9294520f8196e60c7e4e31e6dab682af893e15a3c46722142ce80fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfc2e5e85a4f3a966314a3aee549e2cc

    SHA1

    196a908fadabd2c43d1c8749d728f0453137d408

    SHA256

    af1bde2123a2c2a25e8ca47f2be96ad9d1fbf5a1099b342a24f926c0c013ddf6

    SHA512

    5445e60d7e1ad80e3523a1f6b4a08e17f6d629d70c4497a5bc0be106aabd525303686e9454eb7c4c9f723b07f91ed619b455cf2ea6668ef01a63930a264f0ea3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    173ee31cf9a60108a864542dd53705b8

    SHA1

    368bb2032aceb7a290bf0b3a3787fb69f1b22786

    SHA256

    bb87909e37e1beb89a73369ccb49c541293df11100f60285d57c251e75e077ca

    SHA512

    d135e9afab4170f5e96f1f9d88565568abe4a84550d38fb38ac672e8016dc581310d367828ee7e50bd0ca99c758ecafe4f30a3e5bbd260ead17ac4933836c37a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abd25ffcbe0113e02a7d9d7109832388

    SHA1

    f61f8c62150bb8697369c27a94a5b6e6e7efc1ed

    SHA256

    43af2e09e255d1920d6187d86574f62b3aaa768fbfcc1f9b46adc444478651b3

    SHA512

    c8559a879913b75fd8c9e962efabb101a7d8555315e8b859987c268efd8a62422bf9842e5b636fa986e79141aa7bb2c81294fcf24e099d8700eb9271b65971c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    facded6143adc9ddd1780b05df83d42a

    SHA1

    2c375ba71e5a15a4163c003f56737e09cbc637ef

    SHA256

    76be5dc7f3dd3fea5e9495d2cf7e0e909d2da95c16d7636a641fcb2cb871a765

    SHA512

    6f577222507dc79304e81bde6be1040ab7e24f2b498bddb26c10a39265bae3aef6d564314eb88f67754781ef5db1af78f413e3b9a0e8b8089e1b26a99b9e667c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05db725fb930f4210dc8d7dcb5ef604e

    SHA1

    fa677a4dde86b279dd6b5d3ae8c97b013f358de5

    SHA256

    c60f1dfbad3a08bdaf41d8e7ffb132a28b40c6c82e05004c727c00814302cce4

    SHA512

    7878f554c2d8ebfcb456e7378eb127e65a323756dfd3b05c2037b5b09d3477d67ad4ae569597d4d783dc227505ca6e665347a773ba12de86a2dd3bacce9f9f85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d2bd2f6fd686f0eb1c3c65d53c1238a

    SHA1

    ba0ad1f79b4620bd69cd36bd46a098e3910603e7

    SHA256

    2ba0280bc9e0f01fe19a2d4b5b4fbf5ead0c343f81dc3837382e93d22cb40ea9

    SHA512

    3a92a7b52d3c65cf0099c56f8181247854b5f182676b8e01d3d43f758b99ea576eefd1f7bf485bc8d02a4a8df4df616ca8773b0d73e992b506eb7176536302ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab258D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\StikyNote.exe
    Filesize

    388KB

    MD5

    7fd7e8d15c002d5b78e4b6c0efb17319

    SHA1

    c74948b0b72a9a2c4365e3caa9788344a4631b7b

    SHA256

    56ab59ce5ea456d97d2d9f8eb0fb842ef03ce8c68b6b1296dbbb7a40b074d847

    SHA512

    ffba0076ec3c18dbaae4cb85bbb267b5d90762d5dc95f0fe153ec1d8725df17a64c36bd04407fcb15a74317e1becd8826b011cd25dfe368e105426d95310c860

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar25EE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\setup.tmp
    Filesize

    47B

    MD5

    72a392628d7f368bb9bc9689a694f55a

    SHA1

    feacee9c66028a333446f2c968bcb3d567a4033d

    SHA256

    afa60141aee93d7e3f3d8d296e36de9956f588a6cad99f8e79ce36ab88e828dd

    SHA512

    76f40be7d3e0de960c7bc199fd094c64588841e5b6a1b99bd7fd2e3b53f9e381ded992ee6d67848dd4fda755416792ff6e29bf0acf1a348796dcf7e9bf96229e

    Download Submit

  • memory/2692-2-0x0000000000090000-0x0000000000093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2692-1-0x0000000000090000-0x0000000000093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2692-4-0x0000000000090000-0x0000000000093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2844-14-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download