Analysis
-
max time kernel
118s
-
max time network
118s
-
platform
windows7_x64
-
resource
win7-20240221-en
-
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
-
submitted
03-04-2024 06:43
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
-
Size
384KB
-
MD5
8032d0fb54efdb4fb28641cf52cbd65c
-
SHA1
a34728e4dc0fd8ddf764c279a9e3a7347f0a1f02
-
SHA256
acfec57847bffc2d0e7f584bd38d76729ab6d643a670c2184fc947bf391e99f3
-
SHA512
686d271363fcb2e89866ec46d2662267c87791248e1c28abbe9cedcab6afd543e707152011f349ef0b0656a0934be3d7eb0ccb309d6dc32b9dba23963ed87b9d
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHzqoyo6cyrl5LmcdXy4Y+LSOLo+Yyz5Z:Zm48gODxbz5qo8TrbLmaXxSOU3IZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes:
16CB.tmp
pid | process
2188 | 16CB.tmp
-
Executes dropped EXE 1 IoCs
Processes:
16CB.tmp
pid | process
2188 | 16CB.tmp
-
Loads dropped DLL 1 IoCs
Processes:
2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
pid | process
2016 | 2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
description | pid | process | target process
PID 2016 wrote to memory of 2188 | 2016 | 2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe | 16CB.tmp
PID 2016 wrote to memory of 2188 | 2016 | 2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe | 16CB.tmp
PID 2016 wrote to memory of 2188 | 2016 | 2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe | 16CB.tmp
PID 2016 wrote to memory of 2188 | 2016 | 2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe | 16CB.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\16CB.tmp
"C:\Users\Admin\AppData\Local\Temp\16CB.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-03_8032d0fb54efdb4fb28641cf52cbd65c_mafia.exe D8FDA7B1D9CFADA57D674993F68C15ACE342188103EF5529B06F7B33138F8D31499EFECE886AF22D63B3E53E038EDC3CDF699C152384F49C3D06101DFDE385A6
2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\16CB.tmp
Filesize
384KB
MD5
614db02daf2c7c3ae32abd02969e5f83
SHA1
87dfd8b6c9a9899824b2e632d3d08053d229e118
SHA256
1cae3836a19915e3fc19c091f17f58fed71258e9ce8b86ad9da950fd0beccab9
SHA512
289ba304666356a7c327354c30ae1214a48485a1c5654388b173466ffc410604eb330f48f6561316c4c2dea1ed0808f29848fd9649b711f1a6988ed3ed07353d