Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26-01-2024 17:39
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe
- Resource: win10v2004-20231222-en
General
- Target: 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe
- Size: 443KB
- MD5: de1c7dddd673005fc731e50cb3975d62
- SHA1: 1f47317eb10b5fcd449e73a8af7f631881e639a0
- SHA256: 45db64675ee7c27ba98d77d03ed741aaa7ad8ecb86df151d9b3c21dccc6b2092
- SHA512: dd2702f6dff4fec56eebd8ae906f23266be7d431a32bf2b53cd9336aa159de97bd4e64f7106cba58be19bcbe19104de52f776754b5d5a8eaf4913386622cf051
- SSDEEP: 12288:Wq4w/ekieZgU6bsg8Ni8uK0r/pJiVqikdlMa:Wq4w/ekieH6Ag8Ni8uR/iUiSP
Malware Config
Signatures
- Deletes itself: 1 IoCs
  pid | Process
  2120 | 6577.tmp
- Executes dropped EXE: 1 IoCs
  pid | Process
  2120 | 6577.tmp
- Loads dropped DLL: 1 IoCs
  pid | Process
  2000 | 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe
- Suspicious use of WriteProcessMemory: 4 IoCs
  description | pid | Process | procid_target
  PID 2000 wrote to memory of 2120 | 2000 | 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe | 28
  PID 2000 wrote to memory of 2120 | 2000 | 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe | 28
  PID 2000 wrote to memory of 2120 | 2000 | 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe | 28
  PID 2000 wrote to memory of 2120 | 2000 | 2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2000
- C:\Users\Admin\AppData\Local\Temp\6577.tmp
  "C:\Users\Admin\AppData\Local\Temp\6577.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe EDC3EAC5F0F9AAD85BFBFE442D40A5BAC8E1ED212E34B4E3158DB5796C249A4AC22E29C9CDE14FD6ED2AAD96F6CEEF643EC2C9EE85B56621383178D768C47E73
  - Deletes itself
  - Executes dropped EXE
  PID:2120
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 443KB
- MD5: a59616ff846cf14f2219a470422af4b6
- SHA1: 7a793360758ad0f946d7a26949d1e960244ad25f
- SHA256: 337d95ae6fc467c39843ceb00b7b9d1766d2e61996fb95099f75c5c5dd723ab8
- SHA512: e38f2d5b96a6bef49de77fb8de728a092431c9bc4fe8c4c196dc4372ec2d164e473ec268e055529f5faeee40a927c481fc70efba4ed0d2d993294ea0aa874a29