Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
05-05-2024 06:23
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe
Resource
win10v2004-20240419-en
General
-
Target
2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe
-
Size
413KB
-
MD5
19d8cc49328e94f2b04449478e2e15e1
-
SHA1
c4c9af9722775f5601dd56bf769af1cb8d18e6df
-
SHA256
5c4717a700462d20912f63494694671eb77953ddae2ec4496551cd07074a8a29
-
SHA512
8fb0908ca53a8cf5e58fe40545e64f11f852fa1237cd250d68ff0e8c632cbada33b43360d7393e0421eda86c632663583b96a3c05b758b1f30580c6b0aa56e1b
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFBqeBLtK2fRFZ0q+jTBBvOZMBT2P9mfLTdOYxZqHg:gZLolhNVyEiBU2/ZB+jSZMpwYxZqHg
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2080 77CF.tmp -
Executes dropped EXE 1 IoCs
pid Process 2080 77CF.tmp -
Loads dropped DLL 1 IoCs
pid Process 2032 2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2032 wrote to memory of 2080 2032 2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe 28
PID 2032 wrote to memory of 2080 2032 2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe 28
PID 2032 wrote to memory of 2080 2032 2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe 28
PID 2032 wrote to memory of 2080 2032 2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\77CF.tmp
"C:\Users\Admin\AppData\Local\Temp\77CF.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe 1EDDD5BBEB7ED639C756950CF6AC62A8791D8883480EC3FB27BFC15F028F753B00AC2A6AB0C7824A2EB86217311BA1E741A8D5FA8C07939FAF392E8E15D34114
- Deletes itself
- Executes dropped EXE
PID:2080
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
413KB
MD5 1401564a0322daa4ab2eec7451857f6a
SHA1 678f98c01b29d4cca901dc731c41b192e1d06088
SHA256 d197bc636d4980fbc47c03b23fec41fbe4003e86f14a1d67add2a9c1d4bb450f
SHA512 4d34e1a84209cbbc241e1705fa9c59625b07293ec52f6e3e0451aad9f87ec74edcc27e9c117f8176dba442a239d114f994f388e2417cb650505b70bebf90e7bd