Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 22:07

General

  • Target

    2025-01-15_035cdf44da0eb8d5e010d733bc89a058_mafia.exe

  • Size

    1.2MB

  • MD5

    035cdf44da0eb8d5e010d733bc89a058

  • SHA1

    3dffc466b9274b6de0ddbe8c49934fab81dfc827

  • SHA256

    b2aed06117f9fb6295dcf698690fb177a8838524009039f08728ca5f34b9af64

  • SHA512

    22244991602cefdf18be80881140bbafa1e556ae14ab522c72a9eeb3544cb0b4dfd18df016f2f86a65757db23e8d02b10d75fcc84b2b1e99be9f273a87adfead

  • SSDEEP

    24576:nv1Okt3JTNuwgFgx6/ZmSyl7V2LOx5CCIcIEOZ7mrHxiO0OAoR:vY43JTN/UgxOmSCacCCIcE2H0ZOAi

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-15_035cdf44da0eb8d5e010d733bc89a058_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-15_035cdf44da0eb8d5e010d733bc89a058_mafia.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1568

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\i4u2ih554\gui\3253.html

          Filesize

          25KB

          MD5

          b049d19758f143bba1112ba1fd012919

          SHA1

          06ac1a6380ccffcdb9900abb6978d5b568aa10af

          SHA256

          a67fa8a1af90c89c53eb44820dcefc77aae48899e70490167d8632296c05b983

          SHA512

          b9051dec4db2f296534d87c34a4d93f45b6033043e33e267e69c72b3e850c4f972a6d234fe26ff684a1b3b9844f1027be6543fd1f5109e00a4b26afd3e15a2ee

        • C:\Users\Admin\AppData\Local\Temp\i4u2ih554\gui\page_3407_attr_3.png

          Filesize

          14KB

          MD5

          07eff5d0bc9ba7e4391cdee940c3dba1

          SHA1

          eb2162d63453945a0bb98546d2d926a53cdcf273

          SHA256

          5522ada4424016bc3e77c6a9b09c8e7c37754141ffdefa0ebcb257df859ddac7

          SHA512

          e30a54942b9144791b9925240ad512e99279533cc01128ed8c3cee3f20f43aaa440f803635ed04a48af9024634314e45b5a40600b258cb6a3594a82633d09d00

        • C:\Users\Admin\AppData\Local\Temp\i4u2ih554\gui\page_3407_attr_46.bmp

          Filesize

          41KB

          MD5

          19cafe521085d306aa66d256bce120c6

          SHA1

          a41ae63f80dc451fb68a34f64aa86867f2cdbd6e

          SHA256

          ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894

          SHA512

          936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

        • C:\Users\Admin\AppData\Local\Temp\i4u2ih554\wizard.xml

          Filesize

          6KB

          MD5

          f17864add07402113e4a4100d55d827b

          SHA1

          7780bb377a6a7da1d277ba7f31ae84596c93bf5a

          SHA256

          b252f23c60c0bab71eb634e3afe15e9ca441cbc02b03e04b135f385226b6f603

          SHA512

          21f6f825964c2c096aaa15c403eb446ef0fbf311107f1f144f260f9a8fcd312b21068289884187ccf4b0756159a8260f3fa5178504b7037e5caae525ffb69d95

        • memory/1568-0-0x0000000002820000-0x00000000029DB000-memory.dmp

          Filesize

          1.7MB

        • memory/1568-88-0x00000000027F0000-0x00000000027F1000-memory.dmp

          Filesize

          4KB

        • memory/1568-162-0x00000000027F0000-0x00000000027F1000-memory.dmp

          Filesize

          4KB