Malware Analysis Report

2025-06-16 07:26

Sample ID 240602-fd93zabe41
Target 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia
SHA256 4f484642b50929c6dd27f5aa444f55d5db39313e7fcc1e84c300f7f6430164aa
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia was found to be: Shows suspicious behavior.

Malicious Activity Summary


Deletes itself

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:49

Platform

win7-20240220-en

Max time kernel

120s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\20BA.tmp

"C:\Users\Admin\AppData\Local\Temp\20BA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe 2FB4C8601A6BA7A021DADD293B53FC660C5DE216BF45BE03C14EDACF29180398FB89E9C5609CF940ACB2D170C10B797B91E4907D1BD3DA3EB652F8950D86CDC9

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\20BA.tmp

MD5 cb23af904217aba68cb3394c33b337fc
SHA1 91ae21426511303fc08530ebc6364218eb293c0d
SHA256 a15a89ac732fd08bf11740015c9794be0df63e4afacddb3eb66643a92f10d9c7
SHA512 6d01d3c4a160133faacb736889fd89ee8905e2ad49ced9e77606f876751a005360be656f3d571007b3263bd16c288de1ce6bb335d43609d06da514e509d20d07

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:49

Platform

win10v2004-20240426-en

Max time kernel

93s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\3BA1.tmp

"C:\Users\Admin\AppData\Local\Temp\3BA1.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe CF8CF241A65843A7E8AD3B4DF433E8442ADEDE13D0D3B4693E34A3FE73EB02F702DBFC58093E245AB0542A4344E4764CA5426D34592B6731F53B2D04594E77AF

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3BA1.tmp

MD5 35a3b326884e1b3f33a89510981e4702
SHA1 559869754493af9356b3ef66a49d09efb41eb32c
SHA256 404535292b30bf8009bedcba3d7a1d449a57c2b858e2eaed86074dda1f0d5bb7
SHA512 2c067a53d9cd433e81e7a49494c327d423fb14b8e516b414155fa802a1b6edd0b62e26eaf222965173dd0d250d705fa45273b670eadc526525426d42663aa10d