Analysis
-
max time kernel
120s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13-03-2024 08:49
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe
-
Size
428KB
-
MD5
920b5b6cb84f94798d786901bba79f96
-
SHA1
a08a3b14bd2673f127261f23b40c23ee80f673d6
-
SHA256
b56c53498e984e5a4e66e083868cf0adeea7fcd38e6a1d400388cf6448ef5473
-
SHA512
731ecb1ec9bf57c3904701e18dfffbacb81f6a8e5a64f47266784545a4f71da3609b6530bc9ecbd9937230e7e6e1874e775628355813c5dbe5a5104126bbec61
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFDHZQQ25N1sLyFPmPK1gqHR:gZLolhNVyEoHql4kgqHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
2368 8A45.tmp
-
Executes dropped EXE 1 IoCs
pid Process
2368 8A45.tmp
-
Loads dropped DLL 1 IoCs
pid Process
2180 2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2180 wrote to memory of 2368 2180 2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe 27
PID 2180 wrote to memory of 2368 2180 2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe 27
PID 2180 wrote to memory of 2368 2180 2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe 27
PID 2180 wrote to memory of 2368 2180 2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Users\Admin\AppData\Local\Temp\8A45.tmp"C:\Users\Admin\AppData\Local\Temp\8A45.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-13_920b5b6cb84f94798d786901bba79f96_mafia.exe 2BB95F60AEEBF174EAC9CA8E815737C125AE6A9D3017708FE0E1EE1B10718E73A4CF4477F7D8A697114DB096ADD52E564BB871F72EC8A6CB6789189673C8EE852⤵
- Deletes itself
- Executes dropped EXE
PID:2368
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
428KB
MD5
92203bc99f65712f6463eb5fb11a99e7
SHA1
43e3ef28a07f2058e19d26fac3d5bf4fa8351356
SHA256
2f611349f8962a0327d2344607ba70edb0dabc4806cc15e74914b2b910074ac1
SHA512
abee43630570dfd3ad35b02982022d5d316f763aac000630c4c8191078ef915beda6e0e133489e27c728db4175443da673adade1e20dc0aad4fd60c9d70fc85e