Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-04-2024 22:41
General
-
Target
2024-04-23_0605cf5083652c65f7124c6034c63022_mafia.exe
-
Size
464KB
-
MD5
0605cf5083652c65f7124c6034c63022
-
SHA1
1bb714088afe6dd3f0d28eca3f65c5b41aee2eeb
-
SHA256
fb205cf114346ba554b3d33ce79c848b1637c5d83e2f5d027f11c8383b85cc84
-
SHA512
9ca9502159d3406b5ca4e70dba51f0a76e399939f7139cc0018d5a87960e8c9cb1ab28b7a98e876c4f7747a32da8f07b83d4a582890472f6aa249998655b0f4a
-
SSDEEP
12288:zJrIik3vG4dm6/07tyX9yisA9yIw7UY9:zJrU3Zdm6DcA9yIiUY
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_0605cf5083652c65f7124c6034c63022_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-23_0605cf5083652c65f7124c6034c63022_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\93D7.tmp"C:\Users\Admin\AppData\Local\Temp\93D7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-23_0605cf5083652c65f7124c6034c63022_mafia.exe DB692745B495C64A5844410D819F91D144C64FD30F63AE6CC6F227396E02F266B569F40AD6BB47CF9D76F504217FFE87BB493955AD222E5BB69DADECE7DDE8172⤵
- Executes dropped EXE
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2024-04-23_0605cf5083652c65f7124c6034c63022_mafia.docx"3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_0605cf5083652c65f7124c6034c63022_mafia.docxFilesize
21KB
MD57079891932a64f097abafd233055a1e9
SHA1246d95feafe67689d49a5a4cadba18d3ac1914e5
SHA256c97189b50e5e92be09966d4732b6d61a2e435b2935d60c09989e555ae442e7a1
SHA5126e9ee6427d7cc2474dc634b088cf3f35d06dfb734d2b63fbbc794f4083b4b5754379daff4804bf5024b1b430aa5e50fa6d839d3473ceeed3043d373c85e9862a
-
\Users\Admin\AppData\Local\Temp\93D7.tmpFilesize
464KB
MD5a947cc48a63e1208b185cd74b68c38c4
SHA1370064c3566d97301a19d2233a76240c46473f6f
SHA256b3afdf92e7e6516b80ba5ea73faea91937ca072c6a79ad812cb0822ae12f318a
SHA5124a7554326c52a73b8582c1adb2ede4788361858de0d7cfccb3b91130abebf3dfd13929e28f433bc5d1f97829241e7174ce4ef61f33832aa8803f8037f2139b4e
-
memory/2760-7-0x000000002FB21000-0x000000002FB22000-memory.dmpFilesize
4KB
-
memory/2760-8-0x000000005FFF0000-0x0000000060000000-memory.dmpFilesize
64KB
-
memory/2760-9-0x0000000070ADD000-0x0000000070AE8000-memory.dmpFilesize
44KB
-
memory/2760-13-0x0000000070ADD000-0x0000000070AE8000-memory.dmpFilesize
44KB