Malware Analysis Report

2025-04-14 02:22

Sample ID 240603-mntbjabe7y
Target 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia
SHA256 895989bd2c8a9a4315cbb2039d2aa9ee9d1c1791d4a7fb1cd8bdd2d625aa280e
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia was found to show suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Deletes itself

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:37

Reported

2024-06-03 10:39

Platform

win7-20240221-en

Max time kernel

120s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\867E.tmp

"C:\Users\Admin\AppData\Local\Temp\867E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 172367C1192C59AD0A9B29B3B48DB91121FA4D428516B5600CC0F9EBA17B9B2ABFEC04B50F8DC3DADB152EE9ACC2F06C79C6A40397588F780ACABCA8909A05DF

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\867E.tmp

MD5 084547517aacaf1e24e633c0bb5eba02
SHA1 b1d0cead62f476dbcfd0014ff7f59603685437f3
SHA256 68683ba20068f0ef093d8d3ce5fa46e7b2c20bb17fd02a03c7152a0b3b8aece1
SHA512 7893ff78792885a7d06b02bd922c332a33e9c754fe8ebcbd8395cd3e6e1fa039a21ce7f18600269a1267ca83ee6acfd76789ec24255268652a62ef518d702873

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:37

Reported

2024-06-03 10:39

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\251C.tmp

"C:\Users\Admin\AppData\Local\Temp\251C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 60EAAEFD2B4B09EFD524258D1FBD124396054F85C245663F5D78C6FC2C126B18D6552B1BE049A1E54DCE81FFE88FC3C0343D0D34C2868515D2A170716DCFBDC2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\251C.tmp

MD5 886bbd4ac8d5119a185fc7197113eb95
SHA1 f8a9bb07e2c12aa6b685fdaa86adac08765d1d31
SHA256 5b84d6dec4c221cb109f48f387f3d990d37ce5ec7eb3d736c2f30ebcc0249754
SHA512 f3180b6f2a7b0208c8cda43cc4e8972e9b317c262b76e53fd7a143a2a522f51a3ae888dc2094d7112bcf51cc15518f8874b154e7fc9f7ba6d138ea1279f2b488