Analysis
- max time kernel: 119s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 17:44

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
  Resource: win7-20231129-en
General
- Target: 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
- Size: 433KB
- MD5: 2db203ba8871d47fec9c4f8079dcb8b6
- SHA1: 58d74c2abe004faf8f27644db3e34d5942c2c0ba
- SHA256: fd130e26ebeb994c6f23162a37f4f91ecec4bf7aacb726a424b9377bd62716f8
- SHA512: 2ab1a64381d9afafcf33fc51cd366b3bd69c8860a0448d44092db76d3efaeec0d887b4f3763e0971d5a3b9dfe210ea59a5d4019e10d2216c7dd91a090192a6cd
- SSDEEP: 6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvx0apoN9CmqPx/CW9h22rshFZx5Q0YloHiKy:Ci4g+yU+0pAiv+MOCW1shFz5RIrn
Malware Config
Signatures
- Deletes itself (1 IoC)
  Processes (pid, process):
  2328, 780.tmp
- Executes dropped EXE (1 IoC)
  Processes (pid, process):
  2328, 780.tmp
- Loads dropped DLL (1 IoC)
  Processes (pid, process):
  836, 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, pid, process, target process):
  PID 836 wrote to memory of 2328, 836, 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe, 780.tmp
  PID 836 wrote to memory of 2328, 836, 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe, 780.tmp
  PID 836 wrote to memory of 2328, 836, 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe, 780.tmp
  PID 836 wrote to memory of 2328, 836, 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe, 780.tmp
Processes
- (depth 1) C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe"
  PID: 836
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - (depth 2, child of PID 836) C:\Users\Admin\AppData\Local\Temp\780.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\780.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe E88E2A8E23E64CC4F993E0E77BDDAB4EE6F6D7D4B3924C2C9D8E687F74D3AA3F9309557591EFA6F8740B39E58425C6A45C87FD5893396E6CDDB0CC7696744256
    PID: 2328
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 433KB
- MD5: 357792d5d0c0c717a05b1d6fae43c532
- SHA1: e29b43185aafb77d0573ae26b4833505dbf8a349
- SHA256: 746777f7100c00e076f0e3a18d2638f157c7595b9bc027130aaf209694a6a87f
- SHA512: e250af2fb2f4a13d34b379574511c7e5815a9c4d27cdcfb5f2ae057c05cf292bd9bd9dcf2d66e47158b63468f956d0439c581924c095e56e4c6482b3d3fc316f