Analysis
- max time kernel: 93s
- max time network: 122s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-02-2024 07:33
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
  - Resource: win7-20231215-en

Behavioral task
- behavioral2
  - Sample: 2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
  - Resource: win10v2004-20231215-en
General
- Target: 2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
- Size: 1.4MB
- MD5: 95b20602c49e89bfa816fabb561a2cbc
- SHA1: 958999ba755d020c66dddfb4c162d00edf3c8262
- SHA256: cb5a5d63542543a4dd71c6a23be7211bec9a57890d4aafa1e12228470589914d
- SHA512: 9b17f47ad5c9448652e5ea074476791ad0f78ed7eb6335d249ddf45765731380d3f0ac90b975a98dfd52f408885bc1888a0b812a2bfee74a30dc0bbe870a8145
- SSDEEP: 24576:R+qu3KXnUamt4pAEm4cut/Hp8DltH+9+NcQzsMVZW/bHQBnRvcwDqRC6TDTLr1rP:/u3K3UnBEm4n8DltH+cNcSsMV8/LQBnY
Malware Config

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  1184 | 1136 | WerFault.exe | 83
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1136 | 2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
  1136 | 2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-03_95b20602c49e89bfa816fabb561a2cbc_mafia.exe"
  - Suspicious use of SetWindowsHookEx
  PID: 1136
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1608
    - Program crash
    PID: 1184
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1136 -ip 1136
  PID: 2588
Network
MITRE ATT&CK Enterprise v15
Downloads