Overview

overview

10

Static

static

10

f5ae5532f1...b5.exe

windows11-21h2-x64

10

f5cb51ffdb...c0.exe

windows11-21h2-x64

10

f5ed127464...bc.exe

windows11-21h2-x64

10

f62837f3bc...7a.exe

windows11-21h2-x64

10

f628fa20e8...3b.exe

windows11-21h2-x64

10

f640f01e80...c5.exe

windows11-21h2-x64

7

f66fa3036e...07.exe

windows11-21h2-x64

7

f68f044685...50.exe

windows11-21h2-x64

3

f6ac1ea5c1...25.exe

windows11-21h2-x64

8

f6b7978847...1a.exe

windows11-21h2-x64

7

f6e2978004...35.exe

windows11-21h2-x64

10

f721adec82...71.exe

windows11-21h2-x64

10

f736c152b3...c8.exe

windows11-21h2-x64

10

f780377dd9...c9.exe

windows11-21h2-x64

7

f7a96bf083...c8.exe

windows11-21h2-x64

1

f812ad48d0...9b.exe

windows11-21h2-x64

10

f8173be0fb...a4.exe

windows11-21h2-x64

1

f835ddaf49...d7.exe

windows11-21h2-x64

10

f846950431...1c.exe

windows11-21h2-x64

10

f89219b77e...00.exe

windows11-21h2-x64

10

f8a3f1d5a1...b0.exe

windows11-21h2-x64

10

f908d30321...39.exe

windows11-21h2-x64

10

f926cc363c...a8.exe

windows11-21h2-x64

10

f947bf8f07...dd.exe

windows11-21h2-x64

10

f97418dbfc...06.exe

windows11-21h2-x64

7

f98ee08aed...cc.exe

windows11-21h2-x64

10

f990d850e1...f8.exe

windows11-21h2-x64

8

f99ae4a378...93.exe

windows11-21h2-x64

10

f9a573b21a...18.exe

windows11-21h2-x64

10

fa0d8e0c80...8e.exe

windows11-21h2-x64

10

fa8e531e08...84.exe

windows11-21h2-x64

10

fa942bbb98...d7.exe

windows11-21h2-x64

10

Resubmissions

14/04/2025, 07:51

250414-jp1kfssjz9 10

14/04/2025, 07:46

250414-jl9nyssjt9 10

08/04/2025, 15:58

250408-tevasswl18 10

08/04/2025, 14:19

250408-rm2nqsvqw2 10

Analysis

  • max time kernel
    142s
  • max time network
    112s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/04/2025, 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f89219b77e5fde5a7a1581e3e4cc0b00.exe

  • Size

    294KB

  • MD5

    f89219b77e5fde5a7a1581e3e4cc0b00

  • SHA1

    557c9ff996b42056c0531e63ebf5e7d794b23b19

  • SHA256

    6c8d0a52686544703953357f4d7655e5e1a27a90e2f1aeac9eccdddb618333e5

  • SHA512

    9ba62300e547e971ff79e4ec0209e07197414071ddf0b90d4a951e06a82f258ab2abcd9653b5fdeb5febe9b6fc8b6a28ce52f7360d94b63283fd0485168b6a40

  • SSDEEP

    3072:bC6UBkwelNBVB18I8qk49NWa+miRztQYi+GVnkgLmVv3yniVH9T2mZP:bdHvH8+k49wa+LRBQYi+OkgKLVH9T2m

Score
10/10
mafiaware666discoveryransomware

Malware Config

Signatures

  • Detect MafiaWare666 ransomware 1 IoCs
  • MafiaWare666 Ransomware

    MafiaWare666 is ransomware written in C# with multiple variants.

    ransomwaremafiaware666
  • Mafiaware666 family
    mafiaware666
  • Renames multiple (110) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops desktop.ini file(s) 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f89219b77e5fde5a7a1581e3e4cc0b00.exe
    "C:\Users\Admin\AppData\Local\Temp\f89219b77e5fde5a7a1581e3e4cc0b00.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    PID:3028
  • C:\Windows\system32\BackgroundTransferHost.exe
    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
    1⤵
    • Modifies registry class
    PID:3684
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2432

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\49bf93a0-2174-4ea6-9448-5b3dcaa8465c.down_data
    Filesize

    555KB

    MD5

    5683c0028832cae4ef93ca39c8ac5029

    SHA1

    248755e4e1db552e0b6f8651b04ca6d1b31a86fb

    SHA256

    855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

    SHA512

    aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize

    23KB

    MD5

    8eac0df6d05d014fbbc51e0139015737

    SHA1

    0260efbfe34f79a361e935cb0fa5a0e58ae23d0a

    SHA256

    18963958c728bec48aa034995bd4a54bacd61a548c7475e51002604741bbf5e3

    SHA512

    1781707f9fccb71db5f19552f877629337fcdd4b8f946398beb2f2b641ab2df3e53d0cd5f5588be55adb0fc821d274462ba75fac408c3f71dd77cf0656c8f787

    Download Submit

  • memory/3028-0-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-1-0x0000000000850000-0x000000000089E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3028-2-0x00000000059E0000-0x0000000005F86000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3028-3-0x0000000005360000-0x00000000053F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3028-4-0x0000000005340000-0x000000000534A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3028-5-0x0000000074A80000-0x0000000075231000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-6-0x0000000074A80000-0x0000000075231000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-27-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-30-0x0000000074A80000-0x0000000075231000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-34-0x0000000074A80000-0x0000000075231000-memory.dmp

    Filesize

    7.7MB

    Download