9f98b52b11e769d47f7c6293a26ed53e426a5ae26f0585b01e44f4d5c2e0cc00

Analysis

max time kernel
79s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mafia II Definitive Edition Arabic.exe
Size

7.3MB
MD5

5d699097a26a81f53a052d36dd8f0a84
SHA1

0ca62a59a064190fdde032069385b400a44c7a98
SHA256

977133a0a8dde6b5f0329bec11f9a7707fd3b989256f2e007edf6b043f5ee350
SHA512

cb2572a55b5083965f99412b8c3a7b86d0b0a2878db52d180a9369604a2369f22efc6b9f0f853bca624034bb2fb2ca2e3df14c0d86781b7b723b487abc805b10
SSDEEP

196608:2mY+up2JUWcrX6akwp6nZ35iAWfOPakCVkIP8:itXj6Z38AiCakiE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2280	autorun.exe

Loads dropped DLL 1 IoCs

pid	Process
2280	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mafia II Definitive Edition Arabic.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autorun.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2280	autorun.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4616	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4616	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3696	Mafia II Definitive Edition Arabic.exe
2280	autorun.exe
2280	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 2280	3696	Mafia II Definitive Edition Arabic.exe	83
PID 3696 wrote to memory of 2280	3696	Mafia II Definitive Edition Arabic.exe	83
PID 3696 wrote to memory of 2280	3696	Mafia II Definitive Edition Arabic.exe	83

C:\Users\Admin\AppData\Local\Temp\Mafia II Definitive Edition Arabic.exe
"C:\Users\Admin\AppData\Local\Temp\Mafia II Definitive Edition Arabic.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\Mafia II Definitive Edition Arabic.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Click1.ogg

Filesize
3KB

MD5
93270c4fa492e4e4edee872a2b961dde

SHA1
7b3c079d55d00aa5390662f0a2059e60546ed003

SHA256
25d49cbbd65d48ad462455f1143f73ee997df8f747e7d2213daab18e321c028b

SHA512
3d12721eb229d9227efc51c8e93d5f3ff6cabc305b643b764fcd6da76c031db4c8218b76b1f6158891995f23ce323c13826f59477924361cfb0dee2b9f94fb42

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\High1.ogg

Filesize
3KB

MD5
fc2a595f574b1ead82a6dcf06492c985

SHA1
400626784368fb9825a954ab8e14238054a277d1

SHA256
ee9a4903a8df90eff4c5b65a8073e564a3581cf73772a72eb82396e69932e769

SHA512
06506e70170a85a2d697550bfb555a19e210e93b972a38a482448cf8eca335605583d04f74f5fdd2911203c58aaca2f55b946c2dfe754ecf17c6b1763b7e37db

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Mafia 2 Soundtrack.mp3

Filesize
939KB

MD5
e361e9ac3411574e6ac279619e19509d

SHA1
de0de6d9786c006242963fd5d344355110af5316

SHA256
1b9061b0cb0f4768566debd7a2a4a68f9f4c48c8d86c67d3462809401f847752

SHA512
585e920849e68e4fa7d436c26001821102882a1df856fd6723403dc5228dc185838524678e484c4716e5d4ef4181ed7e3d9ae5c20f58fb3c94623b73c112db02

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Discord.btn

Filesize
20KB

MD5
290e2c1ae520efebcff62445b6f68d24

SHA1
d7c1c1b5b6bb566cc76b7770b44484b0e9c9f0b6

SHA256
d5d20708b3db048bf1e90b166b0a42f6e05a8b3978e3b062e9af8b240a95cf8d

SHA512
88ee2a7c4d4b923e8ff79390aa08917d3e52da021649d3150d94f016776de6057c930f25733735a680031020020188ccae24345263f62e28cb941bded3258ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Exit.btn

Filesize
5KB

MD5
aaeb6f13f130396dc404d3bf4ad81f89

SHA1
f29108dfffe089fc8437e33960ac5e9deedebabb

SHA256
6da1f1b370f07b71ca1155dbbf48d4547c970189ab27b899e06abb7e72b932dd

SHA512
20fb0004d2cb4f7180ed6ac700ce29cbe1d1056d6f23f004d57ed264dcf5bfa888632c4916a155923689c23380175e7d6fe1677b0c78943f20f9673424929030

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Exit_1.btn

Filesize
5KB

MD5
3cb0779e82e95cc4d4e6b3834db43d6c

SHA1
f757e2671776de6d40b81b559a745d1a622c46b2

SHA256
f249120b09c51d1ca9677a8db72df8d9ed943e03d8ba154341cb4d96c9337a36

SHA512
3f87edf1974104697d16dfb7034e0617ea94c0a0a56f5f62ed7c56887000d535f65b376488ca0587308afdf2e7f3107af533167d1098eb74ba6191f4a05f515d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Patreon.btn

Filesize
21KB

MD5
42f9c56f7a52f4d3445f90c9b9a25d24

SHA1
861ac091e3bb67d1d745ff6c201d31b13f539a96

SHA256
cc381c1fe05c6c95bffecae62c33f4d0c9fc21486e6ac374d9727ab5769602b6

SHA512
607628080b0bdd9332e04436e1aae74b1c365fe31e3019120aad6b9805e7fedeebcff75a82af666cb9c5521745e9e1310acd2a6fbcaf303dff2dd2e5e465adfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\PayPal.btn

Filesize
27KB

MD5
8cebf6a3b52102d7598387b1f885cbe1

SHA1
1a288a30fb28d3ccc2c717f96a6bfc73b0866f93

SHA256
94d30c667279359683e5b9dcf2a20c7bd4f0f9a5c88f3b03cb4356d3e42172c0

SHA512
a50894519b9e01dd9d292f21ff80b466c72663e2a12d22040cf02b9e203ead3cf75921ca26e3f404c501bb64ae6ca2abc21d0b401f949da7dbd2d0819daec85d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Youtube.btn

Filesize
30KB

MD5
5c5fb9ec861063f6e64e1eab7b3dd467

SHA1
94938e7754a31d4ceeb576794f4f2ce8a9c38b51

SHA256
c542cee8a24d5dd112b5fe3e6d37ccb8f795c3d504574330fee8dd4acf1d415f

SHA512
c4fcfda00ac46e61e5081da73d554068ca5801222f14624528e8da591eb9d6643b73f06832d993607f47517a7608ba023587b5341ef5a9ed90cd957f1f265503

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\button.btn

Filesize
3KB

MD5
0de75b15ceea331012eece176c3a8c7c

SHA1
fc2a88c627c53c280879dd5e85d0aed26f587026

SHA256
de16e0369e6ebe52d0bce306d216a61a90bd1e02ac6e51ac1a610a2677ca1d55

SHA512
3225c9f5abee7f42e65352bbc7020f0807a1e9b47b4d2e844e539b6ed6840090169181be80db7080da4d4977e04bd3120dc5b9933f62966a3d50acedda24f5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\button_1.btn

Filesize
3KB

MD5
57d5cd2cfb2ee9c65bbb73d056e85355

SHA1
c9659a619b5db4e433788c6f67d489dcab421eaf

SHA256
128dbf94b895cefb60ee7f3609e93ffffef0a5c9decd4a63be99e369989dcc9c

SHA512
ecf4f5e65edb2687b40f0299bf93d7faa9a88f3de4ffc487d12589bf338790ef8d863839a8e12febfb1d426843050912351eb93503106e5c0189f4faa6c3ced8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\minimize.btn

Filesize
6KB

MD5
0817cc7fecfa8c77729ae5c1f5cdf6ca

SHA1
0e62d6aef9b67140b47b1ecfb52b2f5e9039e1c6

SHA256
2c1fa95bbb0cc8b3ff13b2fcf1c432530325e2d065f84e200da42f2ed853f1f2

SHA512
7451e57e809d22e1fdb328d244ab58ab601c74323a434bfe57862f601d0d7edf6ca1a49dd5cc473a0a31f9c5be2267e66fda6e486b99c9998d80718a4203488a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Input_1.png

Filesize
2KB

MD5
ffad5426f53d8fd6680016d5bfc650dc

SHA1
1ad572f05a9e78d631cbdcdb7556306e8c2dd521

SHA256
aa6a603b893aa5280849c7586052c8ad7815471d19c55e30488c95c43f74525e

SHA512
4e31b0c4b713fa63d8698971cb822975e9f5d8ef14d9643c4f1ce3edfc31b9019dc8447c8c9d466cefcba409d8a5a28bf5a1fdf63e0e39c8ca045be6811bf809

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\bg.jpg

Filesize
45KB

MD5
08fc0d0901c5d6615ed80a17c4d873ca

SHA1
7a54e902cceccc608a988b412502289699d563ee

SHA256
9a4f10a1010db2add89aaadeb271d4cc6064fb1d09b4f549e9b905b44fa86a6c

SHA512
e35ade6c249a5984dc1ad4338c80a643a7142ca88ecdccb0d71e17fdee5a3f356f7e2ec9da0348ffd807cb9a927eff1e356675ee7dce88b322340df1e5549d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\border.png

Filesize
4KB

MD5
06819e7f323f45ac9face3e371c66208

SHA1
84bad47d3683e321ca2801dcf0e604c8a5e37eb9

SHA256
acb84ecf9508b26721172836be142db14c3c24603cca2ed9f193c1d964303d24

SHA512
8b39fea27ebc2f6cfe0637aadf22be0a7498a68ef237e4900de033f20d72321ae1db81e652df680c19dab10e0101be6548fd91b772a7610e54fa38bc18771df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\logo.jpg

Filesize
41KB

MD5
82a8e3073a438e3435efc92e08f2a96f

SHA1
d708d52f557f0f0b8963bb1fbd354854f43c10bf

SHA256
30f83e1afd8044003ca677ef46bbd920a4b42fde0e20a43534cfd4653634a0af

SHA512
8d5f657b0575231afcd089ca1b220c26683c80e0a039548d60734eda1d2cf62da17388d421c2295588c2d5c71b50609be64a5cd396e38b77c58ad4d3694132cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\sound on.png

Filesize
8KB

MD5
2fa8e89bdf7c0cdeb1bcf2914fe8f0e1

SHA1
5ade04087d66d1bc61edd5823009b3002b709a50

SHA256
8976050cd9ce6c08d8def55f3523d4a66d5a180358f63d6b261daf13c3b35622

SHA512
51f5a522b167f3743d6f8d6d97d3dd181db1db68f13b7fd3fdf701226a8e991e17bc598638418cd9e56fb053d0962258d114d7c5844a7bcead75ca200f42c2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
2.1MB

MD5
5f9c8a6d10ddef806b5c03c022fe7cb9

SHA1
d1706315901e170cbccee1ef2a35875d70dd6252

SHA256
0430523d2397fa92ca7ebe280b8c94e46c37111a760df20d9ac0232d343c0a39

SHA512
7ca12e194f72cda8b21e17767c3260ec5a9da7d2ce67b31bd61a06bd38b2c46c1d5bb34c704826bfd94d8fc7260686fee9bd60fb6fb00e61b9a8c978e488e86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\Mafia2.ico

Filesize
363KB

MD5
bd9fc49bfaf8a94eac4384b808246511

SHA1
b638582577b409a1b8e626ea595569be86dc87a6

SHA256
a44c986dba66aa757e85a4f361c75f7ea7597cc6b6c25cde03f5e274f3fc3825

SHA512
16bb7c3bc13c3c2e42efb8326189f19be022261ba86f7f6c0aa48bcd52fd4001d63c32304a81c4ed73819a213356ab9c32176bfb306e7ec618dd26747ff4f2c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.4MB

MD5
5fa00850c711ff24006a18fff2f497f1

SHA1
7c13df7a17a30bad68e9b9ffdae4c46b9ef684d6

SHA256
17a83c9e78fe30bc898de92008a863a23b850e9b7902e32148a824729fdefda3

SHA512
e2a886be587d5f60d15ba39af6c0ddf9972548263e3f7619dd6ec0a0edb8c839ac249d9a3c013b6707c173ccd11ec2305e25a97362f7494c38756430c1697ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
322KB

MD5
c3256800dce47c14acc83ccca4c3e2ac

SHA1
9d126818c66991dbc3813a65eddb88bbcf77f30a

SHA256
f26f4f66022acc96d0319c09814ebeda60f4ab96b63b6262045dc786dc7c5866

SHA512
6865a98ad8a6bd02d1ba35a28b36b6306af393f5e9ad767cd6da027bb021f7399d629423f510c44436ac3e4603b6c606493edf8b14d21fabf3eab16d37bd0d25

Download Submit