Analysis
-
max time kernel
117s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
12-01-2024 06:04
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe
-
Size
444KB
-
MD5
b6d47f4d0f36a043c3f6c312cc3430ac
-
SHA1
0a1968ce97d664e556720e6c6c7c81b177650307
-
SHA256
8582fab6ffead6831a163c6df50757917d31ee350e4da21b97d7033bcbf53fbc
-
SHA512
2cc8c48bff96f7a5de2e6e387bf45c3a054de632722683fc9ec44d2f3bee15c9ac3f4d947c9583957041cac37bef1f1c953ee82ee704cc46d8512bcf65669001
-
SSDEEP
12288:Nb4bZudi79LuJA/8S1cEMdOj5PyrgiyI3j7A:Nb4bcdkLuJW/TPyUi
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid | Process
1700 | A083.tmp
-
Executes dropped EXE 1 IoCs
pid | Process
1700 | A083.tmp
-
Loads dropped DLL 1 IoCs
pid | Process
3032 | 2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3032 wrote to memory of 1700 | 3032 | 2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe | 28
PID 3032 wrote to memory of 1700 | 3032 | 2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe | 28
PID 3032 wrote to memory of 1700 | 3032 | 2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe | 28
PID 3032 wrote to memory of 1700 | 3032 | 2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3032
-
  C:\Users\Admin\AppData\Local\Temp\A083.tmp
  "C:\Users\Admin\AppData\Local\Temp\A083.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe 460A16A9A9EA3E5BD373925412B1ED51BB64BDB796863D4139420E4CFD22676954558557F9914D8BE4E8EFE8BB22276481EEA8DF5A9A608F6DE502D88BB49EA1
  - Deletes itself
  - Executes dropped EXE
  PID:1700
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
444KB
MD5
d3064b0d2dcf3e335c35f64a92f14d07
SHA1
0b9267c6a381dafacfae9e109fbe13821d4e3cb3
SHA256
a5905492b1b81dc4e14df050163a010d401596550301b99a978f8f32d73b83a6
SHA512
d16f40d8f12b66058dc73bca7bde190a64eda039cf0dff26cf4a8db7cc1cd158ba30298aedafdce7f559ac92d2577325874bb1b349fd7898e831316791e7d24e