Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
07-01-2024 12:10
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe
-
Size
486KB
-
MD5
64304c9ecb939abf62d07438b242f93e
-
SHA1
4a3b5d2018f6af0c810ce3cf617376e9b158050a
-
SHA256
aa621d3b021344da9b398bd12b967323b129ac21651d99e7e04987075bdb83f3
-
SHA512
d34d5d36adc43b935bd112b53775f6c5c025d799066f154c48c431306f84ebbe9f9922514709cbd67778772eaca3cd0ac0da6e34305335b253333ca51605d7c0
-
SSDEEP
12288:3O4rfItL8HP3qJonql5e5/uABz9cNMykET7rKxUYXhW:3O4rQtGPFnql5kmkBcpkET3KxUYXhW
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
2468 73AA.tmp -
Executes dropped EXE 1 IoCs
pid Process
2468 73AA.tmp -
Loads dropped DLL 1 IoCs
pid Process
2184 2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2184 wrote to memory of 2468 2184 2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe 28
PID 2184 wrote to memory of 2468 2184 2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe 28
PID 2184 wrote to memory of 2468 2184 2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe 28
PID 2184 wrote to memory of 2468 2184 2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\73AA.tmp
"C:\Users\Admin\AppData\Local\Temp\73AA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe D847BED8655E5917EF1CFABB76D826F6E3C3901AC67913C60DEDF4DCEE09F22A3C5375CBFC2755612E9D85D498D98E692265852CDE7FFEE3C4C9693C1110A6F6 2⤵
- Deletes itself
- Executes dropped EXE
PID:2468
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
486KB
MD5 301a2d514124397539fc7e5350b0b6df
SHA1 f966b1aebc494e0f12e81395eaae775677dea8f2
SHA256 6057922ecc012d5e5aceb1a83051acd6dc37354be0c31aa7092e20d8d484633b
SHA512 59053f0404eb4d4adca032ba9a625a90ff4507ab93c8a505b4792698aeba25d4b65bb4c5ad369049cbc456782754999e091da7ec1ef035a513d6c0ecb8e816be