Analysis
max time kernel: 12s
max time network: 49s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 18-01-2024 23:06
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe
Resource
win10v2004-20231222-en
General
Target: 2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe
Size: 499KB
MD5: 9491dec78fe7f230449f2b99ae244f3f
SHA1: 874cf9cc59787538987395db252148c0e6b21727
SHA256: 75c192ed38cc90f4638302b2e65e2e892b655814d92df90a12e324638d3d5e2a
SHA512: 799537d2b35f5ce79da911a856be83096d34a212f09b537cbefb45ac51a890844aea7a22935626bbdeafad085ac867928167918efbf5b6e5ec35bd15a754cf72
SSDEEP: 12288:sO4rfItL8HPbaFt0VMrEGHhS8m6smODUux7dmsIhiqlj:sO4rQtGPbaFLrNHhR3smODfxAsIhiqlj
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 2424, Process: 8C7.tmp
Executes dropped EXE (1 IoCs)
  pid: 2424, Process: 8C7.tmp
Loads dropped DLL (1 IoCs)
  pid: 2944, Process: 2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2944 wrote to memory of 2424 | 2944 | 2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe | 30
  PID 2944 wrote to memory of 2424 | 2944 | 2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe | 30
  PID 2944 wrote to memory of 2424 | 2944 | 2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe | 30
  PID 2944 wrote to memory of 2424 | 2944 | 2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID: 2944
  C:\Users\Admin\AppData\Local\Temp\8C7.tmp
  "C:\Users\Admin\AppData\Local\Temp\8C7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_9491dec78fe7f230449f2b99ae244f3f_mafia.exe E07C647539386D92EC15A98A8D489E720EAD9F01E845AD84638269836C0D6535300AE24E5A2C4FD1D297F39477558CEB8625C637B1877EB6F271689AEB89C09A
  - Deletes itself
  - Executes dropped EXE
  PID: 2424
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 499KB
MD5: 39ab682824370353a1713ed09357b4dc
SHA1: 66e852d5cc69911758f528c8652a3469b785ec54
SHA256: 8372e9fdfecc965d0d6f8e7bc2d772180f562d236ee4238b1a98e7318be086a9
SHA512: 00ee434538433df6ad644cd12de8d59e19a77e91b49b499570e9502122bbde92c7a5dd2948e175ae711d8d1b522014d199d4b46a2148171f35de55d51ec45dec