20247bfe70d62f7e27991c63a8052c21495b0df384fb118097c54a5ff117d6b8

Analysis

max time kernel
144s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe
Size

872KB
MD5

c67a1f278d9f670e0f8355044471df05
SHA1

df49d02bd36b9dadec2e9f0e8d14a994e6b75fb6
SHA256

20247bfe70d62f7e27991c63a8052c21495b0df384fb118097c54a5ff117d6b8
SHA512

e8daed3f75440d713506aeb77d6a71c21c9f6c5c6757baf299a88b70fb5ab8c988f51e4b23870cfc8d2e22248cd5ab1b85d30ae7e3764e7b0aebd0d6ef11a86a
SSDEEP

24576:lX47adsX3WgCI21wf+FV6gh8yOZ0blPRXRlC9jJXJv:lX4WdsXmgCl1qq8gB5ZPRXRlC9dB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2504	3A23.tmp
2396	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe

Loads dropped DLL 2 IoCs

pid	Process
3060	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe
2504	3A23.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2504	3A23.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2396	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2504	3060	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe	28
PID 3060 wrote to memory of 2504	3060	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe	28
PID 3060 wrote to memory of 2504	3060	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe	28
PID 3060 wrote to memory of 2504	3060	2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe	28
PID 2504 wrote to memory of 2396	2504	3A23.tmp	29
PID 2504 wrote to memory of 2396	2504	3A23.tmp	29
PID 2504 wrote to memory of 2396	2504	3A23.tmp	29
PID 2504 wrote to memory of 2396	2504	3A23.tmp	29

C:\Users\Admin\AppData\Local\Temp\2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\3A23.tmp
  "C:\Users\Admin\AppData\Local\Temp\3A23.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe 90FDEBFCC2EE672CDA2BFEA3B9FE0F4BED4F8A36EC003249478ABDD9A72DC26B9568EFDE9119E8FDDE3B4AC66EE9480B9B3F35E5DCA52DC4C3F8AC792BD4FB31
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2024-02-13_c67a1f278d9f670e0f8355044471df05_mafia.exe

Filesize
395KB

MD5
a540d62254f68c896adb5576f7ae6663

SHA1
b8f7b11e0ec93e468912e4bf921928a7b2a10561

SHA256
b17a386407de08ac6202d61e06832a133652efd6108557a94a384cbbe241204a

SHA512
0ff36593131c0c8702f228e0e485dacbd6d5a59916ac76f4e13c5f040e2f1d3d52234c93112c38469eaffdd127d83e50223e1cbac3514dae23d04ac90d3e5b24

Download Submit
\Users\Admin\AppData\Local\Temp\3A23.tmp

Filesize
872KB

MD5
44f943305a680a0b2ded1300bfc0b179

SHA1
61b564c56e540afc17deb5b65eff657e09a4f498

SHA256
c95e93037ae6db57552a3e7b9b64b3b8e08e24f0c4412927998f45658aa5e82d

SHA512
df776478db0515e08bb3689f6f16ba6fb29c42285f6643b3886db32599a11c61db8bb26eb846af77c406e1f6f09edf512fbc94a6add57e8cef73b642a83e319a

Download Submit
memory/2396-14-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2396-13-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2396-15-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2396-16-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2396-18-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2504-12-0x0000000002A10000-0x0000000002B47000-memory.dmp

Filesize
1.2MB

Download