Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 11:28

General

  • Target

    2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe

  • Size

    1.1MB

  • MD5

    0b7e3ceed1adf811de8c36d3ff0a3e50

  • SHA1

    8ecbf03b0e27e67892fc796fbd2e1725dd33ebfc

  • SHA256

    ac8f01ab57ff7f95f08b3045cfa054bc82afddfffd01a1bf361bf19390c2d37e

  • SHA512

    5ca82787acbc32b7a2b415977c50c50ea4ae6969610d8b11357cbc45c28f31086e463007f6a473760f7506a33639d0813ad23cf5e5c1b3c3c62e553e76fd5344

  • SSDEEP

    24576:yRFJPpTsearbFq0kh8iQekla1uxgcVbIm6gQJgk870B:UpBYekla4gcVbIm6gQJgk870B

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe"
    • Writes to the Master Boot Record (MBR)
    PID: 2204

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

  • Defense Evasion
    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

Downloads

  • C:\Users\Public\Documents\Baidu\Common\I18N\conf.db
    Filesize

    367B

    MD5

    cec4ac1e9aa05559422a5d54478addb2

    SHA1

    51f464f29e3af046021e0ee6e3a3360f082fd25c

    SHA256

    41d8f20fe51c1281f650127aa240414a86f849502fcaa883eeffeb00b2d37362

    SHA512

    657518d0167d2ed7063a28a271097bdfde8888bd3b8aa500b723f337b68877a1f4e914a0ef38f2508fa0e6cc4e15d88be3a8989e32f7b74e38766ec880503d4d

  • memory/2204-8-0x0000000000160000-0x0000000000161000-memory.dmp
    Filesize

    4KB