8d09fee926bdab3dc48b4859b5759db9c378132caf936f036edcd47b54d79a44

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
Size

535KB
MD5

8b5fe14bc892e9ec6ef4c3d927547381
SHA1

b651242f199d0929f41d1df451e406b97c242047
SHA256

8d09fee926bdab3dc48b4859b5759db9c378132caf936f036edcd47b54d79a44
SHA512

68c3c26144f5c499d46f77728bce16f4bf4e6cf0fb3e12ea3123215fe308670857198ba72955ec3f46e26e2ed2c04674ff6103e8d44538d1a495e3044c5ddad7
SSDEEP

12288:si4g+yU+0pAiv+TXeK5F0YVBMtwPkVZWi91NZUxUlvjosTdcG93Dn:si4gXn0pD+LeQF0KHc1DXlvjRhFJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1880	7CFD.tmp
1072	2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe

Loads dropped DLL 2 IoCs

pid	Process
2256	2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
1880	7CFD.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1880	7CFD.tmp

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1880	2256	2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe	28
PID 2256 wrote to memory of 1880	2256	2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe	28
PID 2256 wrote to memory of 1880	2256	2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe	28
PID 2256 wrote to memory of 1880	2256	2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe	28
PID 1880 wrote to memory of 1072	1880	7CFD.tmp	29
PID 1880 wrote to memory of 1072	1880	7CFD.tmp	29
PID 1880 wrote to memory of 1072	1880	7CFD.tmp	29
PID 1880 wrote to memory of 1072	1880	7CFD.tmp	29

C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\7CFD.tmp
  "C:\Users\Admin\AppData\Local\Temp\7CFD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe 29CBCBDFFF694453994CDDB9D887CF9B922BE1FF108CC08C230930495F6EB0E2590F04AB1A5909A764A791AE652B9240B9ACF50211D83B5A5903D12795026C3F
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe"
    3⤵
    - Executes dropped EXE
    PID:1072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2024-02-29_8b5fe14bc892e9ec6ef4c3d927547381_mafia.exe

Filesize
255KB

MD5
b7fd76103054f562a11ce616d50a0611

SHA1
7473656e5a33b9ecc401985f917f65054bcbd16c

SHA256
aba5c0bff0442597ff8743b4fe7d28de945b78be01eb88fc4a95cadd1fbee409

SHA512
2a2996476dbfdcd50c39c08dc91a179eff4f016013707c9c0972c6e7a0e179b9da4fcff5e2d4d4883a31312bfefdb9a88d1490e1baaa4728a516c5c7f7bdfbd2

Download Submit
\Users\Admin\AppData\Local\Temp\7CFD.tmp

Filesize
535KB

MD5
0e7fe10c4a02f95c6728e5e1eaaa53cb

SHA1
66b18ed3a1e586bd81be404d865f05b05839cb65

SHA256
f2d1f9f50a0ecc1769006ad6e91129b3038e61e9a21da9d1dbf0d3266c7e836d

SHA512
384dc5b6c726630d43c4fab1638b963ff3356004808942d37d687ebf7be80b084ff3a7f59d3da06f9436f230b07a04731dc018fbd5c020d3c24e8a0977ab4678

Download Submit