Analysis

max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12-02-2024 17:43
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe
  Resource: win10v2004-20231215-en

The platform and resource at the top of this page are windows7_x64 / win7-20231215-en, so the signatures and process tree below are from the behavioral1 (Windows 7) run; the win10v2004 run is not shown here.
General

Target: 2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe
Size: 384KB
MD5: 9119159176c3e79c0b59e117f0f32109
SHA1: a6ea3361c2f8c12316c45914626b946d0178c9ba
SHA256: 0330ad410b6d819da7ce1185ff00a331c1e89a401701394a878fb685d45906fe
SHA512: bd05cf04be2460db7ac24ca7e8a309da8f0a1eff64a3f16f5fb54d76e315981fe9660c909209fa9f1576fd72b5edb5f3f2b1b0c0ac305240150352fb57aa4090
SSDEEP: 6144:drxfv4co9ZL3GBGgjODxbf7hHiSpn+SNRS/8/Mqpx6K5r7T4Y7AgXtRZ:Zm48gODxbzDjzh/M9K5r7cYT/Z
Malware Config
Signatures

Deletes itself (1 IoC)
  Process: 41F0.tmp (PID 1244)

Executes dropped EXE (1 IoC)
  Process: 41F0.tmp (PID 1244)

Loads dropped DLL (1 IoC)
  Process: 2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe (PID 2096)

Suspicious use of WriteProcessMemory (4 IoCs, all identical)
  PID 2096 (2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe) wrote to memory of PID 1244 (41F0.tmp)

Caveat on the last signature: all four writes go from the sample into the child it has just created. A parent writes into a freshly created child's address space during ordinary process creation (the process-parameters block is pushed in from user mode), so parent-to-child writes on their own do not establish injection or hollowing. The dropped-EXE execution and the deletion attributed to the child are the stronger behaviours in this report.
Processes

1. "C:\Users\Admin\AppData\Local\Temp\2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe"  (PID 2096)
     Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory

   2. "C:\Users\Admin\AppData\Local\Temp\41F0.tmp" --ping C:\Users\Admin\AppData\Local\Temp\2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe 823FA09E61530F815DA241B025CF80FEADCC89D4EE819C8D8223A498C868187C2E30B38570E3688F3600EFA19C9BE348049ACC83C8EF7945CD74DED6A6D8763C  (PID 1244, child of 2096)
        Signatures: Deletes itself; Executes dropped EXE

Reading the tree: the sample (PID 2096) drops 41F0.tmp into the same Temp directory and launches it with two arguments, the full path of the sample's own image and a 128-hex-character token. The deletion is attributed to the child 41F0.tmp rather than to the sample, so the file removal does not depend on the sample's own process surviving. The report does not say what the token is; it does not match any hash listed on this page.
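A process-creation check for the pattern in the tree above, written here as an added example (it is not part of the sandbox report and not the sandbox's own signature logic): a .tmp image in a user's Temp directory, launched by an executable that also lives in Temp, with a `--ping <path of the parent image>` argument followed by a long hex token. The event records are constructed in a Sysmon Event ID 1 shape; the two Temp paths and the hex token are taken from the report, while the sample's parent (explorer.exe) and the two benign control events are assumptions.

```python
"""Added example: flag a dropped .tmp in %LOCALAPPDATA%\\Temp that is launched
by a Temp-resident executable with '--ping <parent image path> <hex token>'.
Event dicts are constructed (Sysmon Event ID 1 style); the explorer.exe parent
and the benign control events are assumptions, not data from the report."""
import re
from typing import Optional

# Any user's %LOCALAPPDATA%\Temp directory, as a path prefix.
USER_TEMP = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def split_cmdline(cmdline: str) -> list:
    """Split a Windows command line into arguments, honouring double quotes.
    Deliberately simple (no escaped quotes); enough for process-creation logs."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(event: dict) -> Optional[dict]:
    """Return a finding when the event matches the dropper/--ping pattern, else None.
    Every indicator is recorded so an analyst sees which parts matched, but only
    the combination of a .tmp image in Temp *and* a --ping argument naming the
    parent image counts as a hit (a lone .tmp in Temp is too common)."""
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    args = split_cmdline(event.get("CommandLine", ""))
    hits = []

    if USER_TEMP.match(image) and image.lower().endswith(".tmp"):
        hits.append("tmp_executed_from_user_temp")
    if USER_TEMP.match(parent):
        hits.append("parent_in_user_temp")
    if "--ping" in args:
        i = args.index("--ping")
        # The argument after --ping is the path of the process that launched us.
        if i + 1 < len(args) and args[i + 1].lower() == parent.lower():
            hits.append("ping_arg_is_parent_image")
        # ...followed by a long hex token (128 hex characters in the report).
        if i + 2 < len(args) and re.fullmatch(r"[0-9A-Fa-f]{64,}", args[i + 2]):
            hits.append("hex_token_after_parent_path")

    if "tmp_executed_from_user_temp" in hits and "ping_arg_is_parent_image" in hits:
        return {"pid": event["ProcessId"], "parent_pid": event["ParentProcessId"],
                "image": image, "indicators": hits}
    return None


def scan(events) -> list:
    """Run classify() over an iterable of process-creation events."""
    return [f for f in (classify(e) for e in events) if f]


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\2024-02-12_9119159176c3e79c0b59e117f0f32109_mafia.exe"
DROPPED = TEMP + r"\41F0.tmp"
MSI_TMP = TEMP + r"\MSI1A2B.tmp"  # assumed benign installer temp file
TOKEN = ("823FA09E61530F815DA241B025CF80FEADCC89D4EE819C8D8223A498C868187C"
         "2E30B38570E3688F3600EFA19C9BE348049ACC83C8EF7945CD74DED6A6D8763C")

# Constructed events. The first two mirror the report's process tree (the
# explorer.exe parent is an assumption); the last two are benign controls
# that must not fire: an MSI temp executable and the real ping.exe.
SAMPLE_EVENTS = [
    {"ProcessId": 2096, "ParentProcessId": 1500, "Image": SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": f'"{SAMPLE}"'},
    {"ProcessId": 1244, "ParentProcessId": 2096, "Image": DROPPED,
     "ParentImage": SAMPLE, "CommandLine": f'"{DROPPED}" --ping {SAMPLE} {TOKEN}'},
    {"ProcessId": 3100, "ParentProcessId": 900, "Image": MSI_TMP,
     "ParentImage": r"C:\Windows\System32\msiexec.exe", "CommandLine": f'"{MSI_TMP}" /quiet'},
    {"ProcessId": 3200, "ParentProcessId": 2800, "Image": r"C:\Windows\System32\PING.EXE",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "ping -n 1 host.example"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Run as-is it reports exactly one finding, PID 1244 with all four indicators; the MSI control only collects `tmp_executed_from_user_temp` and is not reported. The token check is kept separate from the hit condition because the report does not say what the token is, so it is corroborating context rather than a requirement.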
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 384KB
MD5: f3e015dbe41fdf51968e9c71539886e2
SHA1: 495481239f57eb12223ce8001a479ad93974e488
SHA256: b21f4b278645a6a4015054d68b99f3c421198b3711e22916fb22c0a54b86b36a
SHA512: 3667f142cdf6e9e1eb84cba8f20724e032983dad759d4e8c16277f481113a3b4b4faac3e134e912637527f045590097fa7b59e70274c0c6831a656c5c3d8d3a7

This artifact is the same size as the submitted sample (384KB) but carries different hashes, so it is a distinct file; the page does not name it.