Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
12-02-2024 17:45
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
-
Size
479KB
-
MD5
9d8b66881928c8638e2c1135cd319a19
-
SHA1
5b8485638008da85cc9227118269e339b2f392d6
-
SHA256
d39e98ade8058a323ff38a9aafd0baeb911cd87c620504022c707a050aa27b42
-
SHA512
9eb3a21e6fe7e8c0178a3441bcf8ce2971fa33e09dbe86d6dfd681f60967f3b69a262dfc71326a406c2325f4aa6ca56ff26bd1f0e00c4bf51ddaafde3032ee01
-
SSDEEP
12288:bO4rfItL8HARaXN36wy6s1+7w0jNDTYPodMnA+ShB75UO:bO4rQtGARaXNK9Ww0jN3Yw+fShBVUO
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes:
4FC5.tmp
pid | process
2052 | 4FC5.tmp
-
Executes dropped EXE 1 IoCs
Processes:
4FC5.tmp
pid | process
2052 | 4FC5.tmp
-
Loads dropped DLL 1 IoCs
Processes:
2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
pid | process
2848 | 2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
description | pid | process | target process
PID 2848 wrote to memory of 2052 | 2848 | 2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe | 4FC5.tmp
PID 2848 wrote to memory of 2052 | 2848 | 2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe | 4FC5.tmp
PID 2848 wrote to memory of 2052 | 2848 | 2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe | 4FC5.tmp
PID 2848 wrote to memory of 2052 | 2848 | 2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe | 4FC5.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Users\Admin\AppData\Local\Temp\4FC5.tmp
"C:\Users\Admin\AppData\Local\Temp\4FC5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe BE1F26C967B87713065684469508A6253306A0D0C29F98978C57CC2D9A3B2EC3F2405F68B110DA49425C074C1C65E083336F1C78D9C12EC604833A8E2B766AD7
2⤵
- Deletes itself
- Executes dropped EXE
PID:2052
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
479KB
-
MD5
2d962f44743e43e9ef63db54159a5fb5
-
SHA1
c98421ec75b9be9ffa1d799cf7b044be1583aea7
-
SHA256
6983666be8827bff02bc08484e43e1c995083b8762cbe9a4966438300536ee9a
-
SHA512
a279f59c6695b42c8cd67115814bb48a84858707ae36b4bd1f1700e15e7fc50234f5b4bab457edb68e9e8fe97f18c4c684addf1bb18cf9f5f62f06e3d8f39436