b82c7c6b10b8eb5c378405398532803b87cc762af8ee11d673f8260fe54780c6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 03:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
Size

1.3MB
MD5

b968aae42a9874d47788a02efc2ebcea
SHA1

e68c661ba3d633916dace1535caedf388aa4628a
SHA256

b82c7c6b10b8eb5c378405398532803b87cc762af8ee11d673f8260fe54780c6
SHA512

ff075b200eec75028f2f69eeecbbd71d73693518044c0d6e26942ca33c59db755bbc5852957bd85b42579251a6ef20abef6ac1c62e08f2c61ece0bb19455ec0e
SSDEEP

24576:znb06bgKQRg81aW4EKIMX69A99Jf4uUqv15l/u1FxUIHXdM+rEH7x:7o6hQRn1aW4nIpejJwVSu1FxRHY

Score

9^/10

persistence upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 3 IoCs

resource	yara_rule
behavioral1/files/0x000a000000014af6-1.dat	UPX
behavioral1/memory/1044-3-0x0000000010000000-0x0000000010030000-memory.dmp	UPX
behavioral1/memory/1044-304-0x0000000010000000-0x0000000010030000-memory.dmp	UPX

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000a000000014af6-1.dat	acprotect

Loads dropped DLL 26 IoCs

pid	Process
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000014af6-1.dat	upx
behavioral1/memory/1044-3-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1044-304-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1044	2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-16_b968aae42a9874d47788a02efc2ebcea_floxif_mafia.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Intel\Logs\IntelRST.log

Filesize
5KB

MD5
92c4b4323594c0f1dbcded254ae6e255

SHA1
b3d1ca1290bd9b9c13f93ec6fb89bf36d60d17f3

SHA256
ca3414dfca8e462c93e079a10fd8a9c2b12554c22d5d047fb182eb9d53242995

SHA512
6d3c7985af6de44e5b324f2d20e21209f7c88469cb921377b348ccd4b6d96b77899cb3a59ae7930213bec92e9d82103638b8121234d1a75df4af0de13b6c8cf9

Download Submit
\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\ar-SA\IntelCommon.dll

Filesize
12KB

MD5
d14b422803e3f5975054fb1f5508264c

SHA1
d5dc8950650149ec87ec643a6d1031f1c723d64e

SHA256
61412c4d960a1d48d7e7b27ce756db29ac2bd3c1d71de375553b0d4c111b10ae

SHA512
ff9e52d356b173ab7b204e51d75d7e420a9aba1def4df172fbbfdef44e665b217ad366556e3d05958054d3432dd55e1311783999ea5453163e695f0420cc3e3b

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\cs-CZ\IntelCommon.dll

Filesize
13KB

MD5
4385da8b81c7ad2ad4c455e7658342a6

SHA1
6dccb663ae44ef793e3ca0592150031c0fd49a05

SHA256
8c22b9369c8f440a474d9abf2b466c2d46d097c902ef6b6261c3a9fdfb73d5a4

SHA512
a59b71f46c7687ebbf018a27f7cf2def97bfda5f8ff936bdb2d49fe0496ab0fda35788b8076b409589c4c4e76ec66dd83b681b2f1522022e16903dd1648eeb90

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\da-DK\IntelCommon.dll

Filesize
13KB

MD5
a4d0f72f4317851580ffd2cb409696e5

SHA1
07a60096bcab6589a8ba69bca7c82c331dff15d7

SHA256
79d4c2d12b81f103c4b73d5a40c353154b37d7291485de0e9e0a9f39d28deb3f

SHA512
750a56fa7641dd0bac0154199b0420a3e672a9d6447f0227d5bd2f5b4d8c73d0e193040066e6ae160661cefca3cc6e1707e1aa3ccd342e72836d8f1b0888ac83

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\de-DE\IntelCommon.dll

Filesize
14KB

MD5
4658cc2f74a6c21f8fd70c7f720669c9

SHA1
5e1d882d78a393051afea79ed5d3333266f93fc0

SHA256
e2c574ae026136b984c8f6cd3d01c3cc59dc1ef12a4d6e825930dad0c591bc2d

SHA512
006226c744a46b45200ba4219aa83844d786214c2898f94966693409f502a2f24cf0f3bed04feb3a49ad4013dbe3acf2534373631babdb0640f7b6e605045ed7

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\el-GR\IntelCommon.dll

Filesize
15KB

MD5
0ff0c5ad0782382eab28349076d50ec2

SHA1
40bb123e4200cadeb66ec1d0616abd1a595deea6

SHA256
3c8f5ee456912f9e669c8969ef39fc21383fc0d37495bc37f75e663035bdf94b

SHA512
f773ec836ed8c7c3f8a6166d4273738313130bd023ffc02042ebb351c65129cb61fe4a8edc4fabac394041e09e2736ddf7304fafa10979b472b07659f9901460

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\en-US\IntelCommon.dll

Filesize
13KB

MD5
58910aa05b681654f9f8845bce95ddf8

SHA1
65dc55b16489d5b50c13e54c38cb1ffb96caa3b3

SHA256
4e35b772f1b9db0d0aee90d666005b66089f70cf907d1ba0a748101f1add7467

SHA512
86f2fba4fb44030897da508507b76327410efd541deee9f0dcce0fc95105d1178f346a972101fd6a39dd595336c6389c641ffe519e1cc925559d7abea418ee5c

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\es-ES\IntelCommon.dll

Filesize
14KB

MD5
0dbe9ffb70ee92cfe9c1c6ba8eaa2141

SHA1
fae0203cab2bebb02837ad3173ae5295a208b5e5

SHA256
ec5b23920cdd4d88b39013d2d98a39022b3ec82b7a8ca4530cfbe4fdf5b9c49e

SHA512
49e87d871d91c48890639698b94112984f8c5b6f4b9e924b8abe0972dbafbf57d66044923f93b33c0685f5a9db42e1b76bdfb12f430547e0ad80e6471b2ab984

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\fi-FI\IntelCommon.dll

Filesize
13KB

MD5
5b38592c724a5e72d87990efce29fd23

SHA1
dff56f792bcea6f914f03ef0a4abab9bc5c6a7dc

SHA256
94983069f88d7e0d1d26872adf7d91aa32811947591ab4cddae0213dbda9433e

SHA512
df3b40672db153a042d6ec0506c4788a273194cae07356ce565d3449166c5cfcf67952fde3da27c742f5aeab9108fd92f41fc8f6fc6dc4829d292352d9494c5e

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\fr-FR\IntelCommon.dll

Filesize
15KB

MD5
fcefb428ce12daad86ac90993a2a7dd8

SHA1
49e535865ab8c26007dc6ecd15ad5133e54dd054

SHA256
c89a988e49d346509dd8531f9888ead6ddf28f9ebed0d96faf91205dec04a887

SHA512
1cb564df378d2e9a94a1c43231b2c2f0c98e698c43f03ad82eba372a0514e4363edd6d92b6cd4d5984aee230b3496145c16b54c7c1dfd21d829199a161da8a83

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\he-IL\IntelCommon.dll

Filesize
11KB

MD5
f5d43290fbd4a2da0bd14b2d93c9a963

SHA1
3188281bd12f89b02bd33747f0a67f4a493a2856

SHA256
b83c5b9adc55a15f46cd150f92d868dfba7feaba2abc1bdffdd3f3019e19ea67

SHA512
6d41294618518f0730ef36a3f16c7b798b470d2a0e6969e031c954471e8d0c5bd8e956c197d9176c09cad8730f2710769c5d6ceb7314d362eac955f9f3a76fff

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\hu-HU\IntelCommon.dll

Filesize
14KB

MD5
b8512dd657fc422f90e2c0d9ad3b63d1

SHA1
348cba7698120f58520c5392d19a120662ac6c19

SHA256
a10665e6d54cbc5219f0ccc5794ce3e11e3bc2fac3171b5f07a59405099a8773

SHA512
66e8a2a30b8ba27ba9aef953a53dfad80ad5f0401eb7255bac50114c88d47a15083285a2fb221b2d5ec929e4457ab95b7787466a2650c64fe3858cfb6c302fdc

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\it-IT\IntelCommon.dll

Filesize
14KB

MD5
d2260f12a8a5d5f37cea9b69f40f471f

SHA1
2e0bcae5538fa26a26a4552045025fd4677896ff

SHA256
2311e7a2811cca154dc723925708d7980a729a446aa02496b84a1eb7f1609738

SHA512
6f051273d5fbf1411af76c718bdf9dbe793b890e9145b87f9f5562daa27c701355c79bec9b4868e5bcf3ab95ddf15aefe4bc54d6bbef4514c7fff282f951f01c

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\ja-JP\IntelCommon.dll

Filesize
10KB

MD5
a08d1e79297ca62a1dcc00ad3c45688e

SHA1
f956846a64954555339db45ab0d7edb0a797f98d

SHA256
844727deac51c9daa08f7831ab60de68f7460b8c04817cef43069514750a8505

SHA512
1165f426c609b3266b526665800ff1ab49f04887bb96bbfc841973ceabd858ee2ec9c2332ee3d1cd8574f7706c79ec5902abcacc37ac7d91177e8eee3761d70d

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\ko-KR\IntelCommon.dll

Filesize
9KB

MD5
9a12717e093044758d3a93f3886e940f

SHA1
69c1bee4144ddff0d86a4ffe2cbb32ae601bd0a7

SHA256
3b8b98b9af4c67d38efcce8dfa0fdb7d97e8434cfe06b31f96d4fccc2576a9c3

SHA512
5bc75871c3c8d9fbc783cfa18a9a827deb4853bec3345afa7f2a6820f218e4a73a20896882d66481271f48d52f9834e48a099de650d61237cf03e28462c78bdd

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\nb-NO\IntelCommon.dll

Filesize
13KB

MD5
23f4981b0186581f43683b3099d0c75d

SHA1
d40aac72b7a52c25537c3eaa4eb53fd58aa96667

SHA256
a9f90da2fcd35521b2cebc968c54eeed69da1bbaad3900ed80f6b41324e1417b

SHA512
5520f8b9ea642c5209d44d77bcae0f63e264496f3fdb6f0c8c5b7737a409de803080663092a877d9b272db5438a89355f129b7b5664c80545cab14ecc3f37354

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\nl-NL\IntelCommon.dll

Filesize
14KB

MD5
07019c6cf08c17695a80077b945b7269

SHA1
f317566c8b2bffd8c2cbbe15eb10907960d20031

SHA256
bffa2b853fb25f4905ea25bba4ed63aebe2e33ca2b6a195f4e3f81a3cee264eb

SHA512
da078d2a157e09af586f66bba3a2258519ebe5d9c82ce03fac5b86657171757852dce776c94138fc3bf43f0a911e4fff2587ab217d0a8ab010f793bbcb4d2d1d

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\pl-PL\IntelCommon.dll

Filesize
14KB

MD5
7ab7e6c42dbcabe8e6aba062d34ae0b9

SHA1
3797603d20ac972916edf4504159ab3d54b674d6

SHA256
b66f0d8b0031bbdd9b17cbf6d325396281354406190a741a6a353a3fad644975

SHA512
03ed0c08835af1118ff9aade0e293ea326489caa48962e51c5d0b5a96bd8fec94a8ffdc01cf18f3b071a3957981bd5b4a70d2bd640060e513227b05452856f72

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\pt-BR\IntelCommon.dll

Filesize
14KB

MD5
12d4e0c79a907129cf72b30bddf9da04

SHA1
f77eececfa10a29a5156e8e3deb8fe6bb8f0fc5c

SHA256
71318363ee8bee5264eb9b7798c007944abfb3c320e96afa40404e9a33a7c89f

SHA512
c3a51c0a99ef27dfc9478b8b567e124de13da9f6cc5db8e7ce4367fb0b46e294573db2240ec26e6d2fcc41e7605a02b4d38e5343e74162dab4b250873288b13d

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\pt-PT\IntelCommon.dll

Filesize
14KB

MD5
8fbe6456820d952c43d22cdc854e44f8

SHA1
f9dd0c8ebb33f97e7fada4e3bbb0fdaf0b53d6e5

SHA256
1e93d7edff843854741eb93c9b2c52792ba6cc133692afbdc8e894a6d51ae84c

SHA512
b5674115b6755ec855564b7c91bb9d9a23510ef4e6ce537537fa334343fbaebbef44e0151eee766895d269bfb70a9acba9d0efbb5850a43715371801667dc66a

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\ru-RU\IntelCommon.dll

Filesize
13KB

MD5
ea387e6ce9d2b6980977b5149af80fe4

SHA1
223a22e148ce5a09aec19d4f8ade45e934e537cb

SHA256
75cfc99c9af161e5049f97b3783c906b34a13470544c22fb2435367b1c38209e

SHA512
8e74165789d93c47b9e3a8b2f2caa1da8a3454682a435fb9e8f33a2ce419aa8412925c296eb45f42ddeff975716d87162dae4e3123d363a4f0ce7f5196adb2d2

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\sv-SE\IntelCommon.dll

Filesize
13KB

MD5
e845328d501dee795253da63b65ef726

SHA1
63f34827dfa86c1c9471be9c3b9a451ea9f20607

SHA256
fb27ec1044dce6256c0782d8df2ddf21557604dc14f7e428455a727ea7af746b

SHA512
5bcb80eebff9606db6da1551220ec996f71f881e219e8b27ce8f414e323ec5139337808f30fa5ed3b35c253f3932bb95106c3e7b663a58687e91c8d784469da4

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\th-TH\IntelCommon.dll

Filesize
12KB

MD5
8f5ce4eefe667cd884a10181a97e8d1f

SHA1
2be6239f5c9177db4320d46753e64ff877a2f0f0

SHA256
55553ad17868d3bd51b627b77c4b2c2832bcc558f8555b77de06534c22c4e164

SHA512
ed77b3a75a8e019b27e0eafa409419cdabf7f1b992cceca9cdbded6ffa9cdfce60c58a3cfdadc82115138179c446d50adc335d69dd9ba43a8782f9cdc69500d6

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\tr-TR\IntelCommon.dll

Filesize
13KB

MD5
0baa06a05026a2af3e895c65f3b8eaac

SHA1
a1c649c0d25f53500fc12ef47b89b2827bacfe80

SHA256
4b3638de537067970e3df240a9717471114b2134ebc3f4540389d982f48b9af2

SHA512
b41f1d9df5a0f8c6f0508249b6159ca2a20099622e67aa0452ef80b3952ab91ef89971ed32ddf8247d24e1f84117b9dc59dd04e768e6f60c981312e0807c8a8e

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\zh-CN\IntelCommon.dll

Filesize
8KB

MD5
ddb98731bff79ffb5cefba58a0c64926

SHA1
2bc92c1f5265bcd0d88b0ea4561988656dfa0537

SHA256
093f7a0f5f721fd68724cc17b8d307252b4b2d6ff841d6733e5c91ffdecdafe1

SHA512
dce39698c345e34f49be6e34d548035916cd0d9a854601efcd31d6a51aa477b6ff7044dcb5b1084a123ab0bee0d89d6867899de15c7c871c0e1cb6201091a8a1

Download Submit
\Users\Admin\AppData\Local\Temp\IIFD3A.tmp\zh-TW\IntelCommon.dll

Filesize
8KB

MD5
a54080759bd182e3b5b3716443d523ab

SHA1
7935dacd57509aa7e1c0c7f4f9f647ccd4b19cba

SHA256
8a83edd1fed8ed6bfa56c4b623446429222abc4ca85009c015cbc302d20771cc

SHA512
2f077eab31462f995d1c7f7c80117fb86f292da9a0836f5e45932dc93ffce9da6a9b7006c3cf4760345b78b94c3e3a2ea7ce7a00908a2b853ecddfc1220853fa

Download Submit
memory/1044-3-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1044-304-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1044-302-0x0000000000080000-0x00000000001B4000-memory.dmp

Filesize
1.2MB

Download