Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-06-2024 11:04

General

  • Target

    2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe

  • Size

    1.1MB

  • MD5

    28fb287f2832ab9b8c69a0f768c33803

  • SHA1

    c5a714864abf6493f27397744e1800986f2b8d23

  • SHA256

    a6c1ade005152d1f2478c9a15a6b8ccf6f6808b73f28a142f7e82ddb16e23c5d

  • SHA512

    ec2644256cd7960dc185cb56b1b97e2e5196d2158637856f5023d20be334d327d8d8b08cca90aaa5b5c3cf6707f3baa9a8cb4d9cd2178fb57e267b9561bb9323

  • SSDEEP

    24576:VRFJPpTsearbFq0kh8iQekla1ux6c0bIm6gQJgk87UQ:3pBYekla46c0bIm6gQJgk87UQ

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:2624

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Documents\Baidu\Common\I18N\conf.db
    Filesize

    403B

    MD5

    2f4c715bbf417b3173dc422875f48444

    SHA1

    955ee6c48c3832a330307644208a87598ea20448

    SHA256

    6217945d730c222e7e8661acf7bd99ff4e16e8e70de3d522c483b93adc387a6e

    SHA512

    992a551b63f706b1fcce3ca3d0ba59dab1b95c50bff7ea9daa75a2195bd5841a2829cfdc352a1a01e81c232d5ae6d25f9bded32570b2ca34df4c5fd14dd36bc1

  • memory/2624-9-0x0000000001260000-0x0000000001261000-memory.dmp
    Filesize

    4KB