Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
12-06-2024 11:04
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
Resource
win10v2004-20240611-en
General
-
Target
2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
-
Size
1.1MB
-
MD5
28fb287f2832ab9b8c69a0f768c33803
-
SHA1
c5a714864abf6493f27397744e1800986f2b8d23
-
SHA256
a6c1ade005152d1f2478c9a15a6b8ccf6f6808b73f28a142f7e82ddb16e23c5d
-
SHA512
ec2644256cd7960dc185cb56b1b97e2e5196d2158637856f5023d20be334d327d8d8b08cca90aaa5b5c3cf6707f3baa9a8cb4d9cd2178fb57e267b9561bb9323
-
SSDEEP
24576:VRFJPpTsearbFq0kh8iQekla1ux6c0bIm6gQJgk87UQ:3pBYekla46c0bIm6gQJgk87UQ
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
description
File opened for modification
ioc
\??\PhysicalDrive0
process
2024-06-12_28fb287f2832ab9b8c69a0f768c33803_mafia.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Public\Documents\Baidu\Common\I18N\conf.db
-
Filesize
403B
-
MD5
2f4c715bbf417b3173dc422875f48444
-
SHA1
955ee6c48c3832a330307644208a87598ea20448
-
SHA256
6217945d730c222e7e8661acf7bd99ff4e16e8e70de3d522c483b93adc387a6e
-
SHA512
992a551b63f706b1fcce3ca3d0ba59dab1b95c50bff7ea9daa75a2195bd5841a2829cfdc352a1a01e81c232d5ae6d25f9bded32570b2ca34df4c5fd14dd36bc1
-
memory/2624-9-0x0000000001260000-0x0000000001261000-memory.dmp
-
Filesize
4KB