Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 11:28

General

  • Target

    2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe

  • Size

    1.1MB

  • MD5

    0b7e3ceed1adf811de8c36d3ff0a3e50

  • SHA1

    8ecbf03b0e27e67892fc796fbd2e1725dd33ebfc

  • SHA256

    ac8f01ab57ff7f95f08b3045cfa054bc82afddfffd01a1bf361bf19390c2d37e

  • SHA512

    5ca82787acbc32b7a2b415977c50c50ea4ae6969610d8b11357cbc45c28f31086e463007f6a473760f7506a33639d0813ad23cf5e5c1b3c3c62e553e76fd5344

  • SSDEEP

    24576:yRFJPpTsearbFq0kh8iQekla1uxgcVbIm6gQJgk870B:UpBYekla4gcVbIm6gQJgk870B

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.
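
    The report flags an MBR write but does not show how to confirm it on a host. The following is an added example, not part of the sandbox report or the sample: it parses a 512-byte MBR sector (446 bytes of bootstrap code, four 16-byte partition entries, 0x55AA signature) and compares a live sector against a known-good baseline, reporting a changed loader stub, a changed partition table, or a missing signature. The sample sectors are constructed in-memory; read_physical_mbr() shows the raw-device read a responder would use on Windows (administrator rights required) and is not called here.

```python
"""Parse and baseline-compare a 512-byte MBR sector (added example, not from the report)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0-445: bootstrap code, the region a bootkit replaces
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the boot code
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"      # bytes 510-511: MBR boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into bootstrap code hash, used partition entries and signature state."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            "<B3BB3BII", sector, off)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from the known-good `baseline`."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("bootstrap code (bytes 0-445) modified: possible bootkit")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table modified")
    return findings


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR on Windows (needs administrator). Not executed in this example."""
    with open(device, "rb", buffering=0) as fh:
        return fh.read(SECTOR_SIZE)


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed MBR with one active NTFS (type 0x07) partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3BB3BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return code + table + SIGNATURE


# Constructed sample data: a clean sector whose boot code starts like a stock Windows MBR
# (33 C0 xor ax,ax / 8E D0 mov ss,ax / BC 00 7C mov sp,7C00h), and one whose loader stub
# has been overwritten, as an MBR-writing sample would do.
CLEAN_MBR = make_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
INFECTED_MBR = make_sample_mbr(b"\xeb\xfe" + b"\x90" * 20)

if __name__ == "__main__":
    for finding in compare_mbr(CLEAN_MBR, INFECTED_MBR):
        print(finding)
```

    On a live host, capture the baseline with read_physical_mbr() while the system is known-good (or from a golden image), store its bytes, and re-run compare_mbr() after detonation or during triage; a changed bootstrap hash with an unchanged partition table is the typical bootkit pattern, since the original loader is usually relocated rather than the volumes repartitioned.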

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:4128

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1

  • Defense Evasion
    • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1

Downloads

  • C:\Users\Public\Documents\Baidu\Common\I18N\conf.db
    Filesize

    403B

    MD5

    7112a33cbe425c221408a5081b081fd1

    SHA1

    1b3d3570e3de678e60e2198fcd84e4648e3c1ce3

    SHA256

    0eb620723c4df52ac428a98333567d0b90f6547c69a6c3bf1803957537ea0d75

    SHA512

    3ef71a8f2837fcbb85357d2834116452263787a21634b2f5e08e885f8ee11e05340f44f7a9c087e9a55354c810319bab48d3434141358041e506d0a19a70d038

  • memory/4128-9-0x0000000001190000-0x0000000001191000-memory.dmp
    Filesize

    4KB