Malware Analysis Report

2024-09-23 12:06

Sample ID 240612-nk2n6swfql
Target 2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia
SHA256 ac8f01ab57ff7f95f08b3045cfa054bc82afddfffd01a1bf361bf19390c2d37e
Tags bootkit persistence
Score 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 6/10
SHA256 ac8f01ab57ff7f95f08b3045cfa054bc82afddfffd01a1bf361bf19390c2d37e

Threat Level: Shows suspicious behavior

The file 2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia was found to show suspicious behavior.

Malicious Activity Summary

Writes to the Master Boot Record (MBR)
Tags bootkit persistence

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported 2024-06-12 11:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 11:28
Reported 2024-06-12 11:30
Platform win7-20240508-en
Max time kernel 117s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe"

Signatures

Writes to the Master Boot Record (MBR)
Tags bootkit persistence
Description File opened for modification
Indicator \??\PhysicalDrive0
Process C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe
Target N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe"

Network

N/A

Files

C:\Users\Public\Documents\Baidu\Common\I18N\conf.db

MD5 cec4ac1e9aa05559422a5d54478addb2
SHA1 51f464f29e3af046021e0ee6e3a3360f082fd25c
SHA256 41d8f20fe51c1281f650127aa240414a86f849502fcaa883eeffeb00b2d37362
SHA512 657518d0167d2ed7063a28a271097bdfde8888bd3b8aa500b723f337b68877a1f4e914a0ef38f2508fa0e6cc4e15d88be3a8989e32f7b74e38766ec880503d4d

memory/2204-8-0x0000000000160000-0x0000000000161000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 11:28
Reported 2024-06-12 11:30
Platform win10v2004-20240508-en
Max time kernel 51s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe"

Signatures

Writes to the Master Boot Record (MBR)
Tags bootkit persistence
Description File opened for modification
Indicator \??\PhysicalDrive0
Process C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe
Target N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-12_0b7e3ceed1adf811de8c36d3ff0a3e50_mafia.exe"

Network

Files

C:\Users\Public\Documents\Baidu\Common\I18N\conf.db

MD5 7112a33cbe425c221408a5081b081fd1
SHA1 1b3d3570e3de678e60e2198fcd84e4648e3c1ce3
SHA256 0eb620723c4df52ac428a98333567d0b90f6547c69a6c3bf1803957537ea0d75
SHA512 3ef71a8f2837fcbb85357d2834116452263787a21634b2f5e08e885f8ee11e05340f44f7a9c087e9a55354c810319bab48d3434141358041e506d0a19a70d038

memory/4128-9-0x0000000001190000-0x0000000001191000-memory.dmp