d60b57e55562af375f14b982cd923f5a51a8d3b126e19e1b6c5d223c267fbec0

Analysis

max time kernel
142s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe
Size

800KB
MD5

90d65e438326af50368ba5adade91127
SHA1

44d65ffb4866b62e50e748d06a35bdcf3f6ad9d2
SHA256

d60b57e55562af375f14b982cd923f5a51a8d3b126e19e1b6c5d223c267fbec0
SHA512

df8b85276f2a3014bf48e92e371a154c8802ff9568d95d3e126ae5d41ea803ac08b99c02bf9b2348b51c0d4cc8368231b0ee82c719e443898534aaa7c2eea921
SSDEEP

24576:5X47adsXAtYKzIdHdOgV6gh8yOZ0blPR:5X4WdsXMzIpog8gB5ZPR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1952	1719.tmp
2656	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe

Loads dropped DLL 2 IoCs

pid	Process
1632	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe
1952	1719.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1952	1719.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2656	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1952	1632	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe	28
PID 1632 wrote to memory of 1952	1632	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe	28
PID 1632 wrote to memory of 1952	1632	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe	28
PID 1632 wrote to memory of 1952	1632	2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe	28
PID 1952 wrote to memory of 2656	1952	1719.tmp	29
PID 1952 wrote to memory of 2656	1952	1719.tmp	29
PID 1952 wrote to memory of 2656	1952	1719.tmp	29
PID 1952 wrote to memory of 2656	1952	1719.tmp	29

C:\Users\Admin\AppData\Local\Temp\2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Users\Admin\AppData\Local\Temp\1719.tmp
  "C:\Users\Admin\AppData\Local\Temp\1719.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe 4916EE236EB94EA82BF7A11957890EFAE49D1315FAD6F2F47AA638DA257357AB3D40C0B6103FB6693AAFD6140C7FA20329693EDCCC0FA50E83B5AA2436C11E21
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1719.tmp

Filesize
800KB

MD5
654ecb76b1d8f1a28f35cc737d2fd6ba

SHA1
0dbe9ae15fcd77e107f4d96c00e55ac954982796

SHA256
617fbb3a821c185bab5c54ab3a4d71b6fcbe1723ebef6a52895d6369e0a745cd

SHA512
f5f6e8dc9c010a7d6061fff056f8d1e8e888f356b049373f28cca7e75e047747648d05d13be00a1f56c23248b77af093a01867a6a413e33f04e260e2f5cd3628

Download Submit
\Users\Admin\AppData\Local\Temp\2024-05-30_90d65e438326af50368ba5adade91127_mafia.exe

Filesize
395KB

MD5
a540d62254f68c896adb5576f7ae6663

SHA1
b8f7b11e0ec93e468912e4bf921928a7b2a10561

SHA256
b17a386407de08ac6202d61e06832a133652efd6108557a94a384cbbe241204a

SHA512
0ff36593131c0c8702f228e0e485dacbd6d5a59916ac76f4e13c5f040e2f1d3d52234c93112c38469eaffdd127d83e50223e1cbac3514dae23d04ac90d3e5b24

Download Submit
memory/1952-11-0x0000000003110000-0x0000000003247000-memory.dmp

Filesize
1.2MB

Download
memory/2656-13-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2656-14-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2656-15-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2656-16-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2656-18-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2656-19-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download