Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2024 11:04

General

  • Target

    2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe

  • Size

    1.1MB

  • MD5

    28fb287f2832ab9b8c69a0f768c33803

  • SHA1

    c5a714864abf6493f27397744e1800986f2b8d23

  • SHA256

    a6c1ade005152d1f2478c9a15a6b8ccf6f6808b73f28a142f7e82ddb16e23c5d

  • SHA512

    ec2644256cd7960dc185cb56b1b97e2e5196d2158637856f5023d20be334d327d8d8b08cca90aaa5b5c3cf6707f3baa9a8cb4d9cd2178fb57e267b9561bb9323

  • SSDEEP

    24576:VRFJPpTsearbFq0kh8iQekla1ux6c0bIm6gQJgk87UQ:3pBYekla46c0bIm6gQJgk87UQ

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:1940

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Documents\Baidu\Common\I18N\conf.db
    Filesize

    367B

    MD5

    06032e87dd9e61078a1fea718516c64b

    SHA1

    68c2b601b1a79a07ce19f649ad2066280e1af41a

    SHA256

    825f134908c85c321741cd9cd0ded7804c46ff6cc0ef31b4501521c444bf3d10

    SHA512

    8a4b6967f4bb144bdb0948705d8c972a00e499812c35eae71c2b8442ecc6bff8b9a51afc30639f2bcbb8d3209939ffa843105e07e886c62573602ee22b93eda8

  • memory/1940-8-0x00000000023B0000-0x00000000023B1000-memory.dmp
    Filesize

    4KB