Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 10:37
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe
-
Size
428KB
-
MD5
9f183008f0176f29283a7a85d5002bdf
-
SHA1
bb659ad6dde32f0e112676eb7b3ea0c376080f2c
-
SHA256
895989bd2c8a9a4315cbb2039d2aa9ee9d1c1791d4a7fb1cd8bdd2d625aa280e
-
SHA512
1660340de9d84eccce0c8b20a24bdc6fe0460c04b64e9c17140e79537011319b7e2a58cfa2917e103df691f9e7dea68bb5ebbc29fad0d1d3e04063f973032802
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFrgmB24q048jlP06nh66iuLbg+4qHR:gZLolhNVyE5mU4Ljp+6ZgJqHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2684 867E.tmp -
Executes dropped EXE 1 IoCs
pid Process 2684 867E.tmp -
Loads dropped DLL 1 IoCs
pid Process 1500 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1500 wrote to memory of 2684 1500 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 28
PID 1500 wrote to memory of 2684 1500 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 28
PID 1500 wrote to memory of 2684 1500 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 28
PID 1500 wrote to memory of 2684 1500 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe "C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Users\Admin\AppData\Local\Temp\867E.tmp "C:\Users\Admin\AppData\Local\Temp\867E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 172367C1192C59AD0A9B29B3B48DB91121FA4D428516B5600CC0F9EBA17B9B2ABFEC04B50F8DC3DADB152EE9ACC2F06C79C6A40397588F780ACABCA8909A05DF
- Deletes itself
- Executes dropped EXE
PID:2684
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
428KB
MD5 084547517aacaf1e24e633c0bb5eba02
SHA1 b1d0cead62f476dbcfd0014ff7f59603685437f3
SHA256 68683ba20068f0ef093d8d3ce5fa46e7b2c20bb17fd02a03c7152a0b3b8aece1
SHA512 7893ff78792885a7d06b02bd922c332a33e9c754fe8ebcbd8395cd3e6e1fa039a21ce7f18600269a1267ca83ee6acfd76789ec24255268652a62ef518d702873