Analysis
Max time kernel: 121s
Max time network: 123s
Platform: windows7_x64
Resource: win7-20231129-en
Resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
Submitted: 10-01-2024 06:04
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
Size: 384KB
MD5: ff956fc3cf157816d44d002436a01854
SHA1: 1421ca4f379fcf033a2feb8df9a69c5a4ac848fb
SHA256: be5b23d824f4b84deeba0c464191e0d9a3a0442334b145d3a9aa1320c893d480
SHA512: eb18c1e56cee39417a90bc159863738f172e46f7dce36cb1cb6d667ba12f50512a2c6144cf0999e397532865595febbe832614d4ca31d76637f1caa069193257
SSDEEP: 6144:drxfv4co9ZL3GBGgjODxbf7hHPzQH3206z3X1pk5p+dAQ2fLfChjOsrWFZ:Zm48gODxbzZzQXejFpSpvQ2fLCZbWFZ
Malware Config
Signatures
- Deletes itself (1 IoC): PID 3004, process 686.tmp
- Executes dropped EXE (1 IoC): PID 3004, process 686.tmp
- Loads dropped DLL (1 IoC): PID 2924, process 2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
- Suspicious use of WriteProcessMemory (4 IoCs): PID 2924 (2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe) wrote to memory of PID 3004, procid_target 16; the same event is recorded four times
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe"
   PID: 2924
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\686.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\686.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe BC0EF793863B856F6D69DF9F4A7349772ACA9FC2C959EA66899D520DEE4B59046716ED9680357973785BF042BA9EED2CB3D9B3FA616274C227C2B2E546E15B46
      PID: 3004
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 7KB
  MD5: 624d31fad0e7afd91ff90cdfeb0383f1
  SHA1: afed5625fe5613c365b9aac25026273c5ee434e5
  SHA256: 66114fd56949b4003130d842a51f25b5ff7544e0f90f8a82a39012ec3fcd81dd
  SHA512: 7d419ca129d9e124b0ff5fc33a670bfbc543335bc976546a173dd39baad31c494a4edd9d1f2a486149bdd884ab46f857d530846c5fbe049d39f6e128a69ed89d
- Filesize: 39KB
  MD5: 2c4b5b4f2f01a4564d067f21263c87a6
  SHA1: 738dff815ff3e592fd76a965895bfb6dad2c94c6
  SHA256: 75f530b7df6daea956a7a51b29e2b799c67148a98bea17ffab290620f2077d1e
  SHA512: c03783789ad789abf4abcc05f41e5359a31b4509649ed5f5b71b967462d7e778eaee1847526be5211bb84b498bf4f05d95228e495b46ebddbdeeba412da9a1e0