Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/10/2024, 09:28

General

  • Target

    2024-10-01_276da61c4d795578ee4a8c3a4604e5d5_mafia.exe

  • Size

    526KB

  • MD5

    276da61c4d795578ee4a8c3a4604e5d5

  • SHA1

    0387e6239ff3ac3ea66f594dddb94dc60fde0d7a

  • SHA256

    d0f2307a92c5a8593261cd662771d1a082241e7c6f1f8af5ba954c93f9c5ce86

  • SHA512

    2cf93753fb9c0e1e07b00d2a4e5e4d7a1eecaaa4ebe473fa95ac496b52c9ebc3928f589cc7d9bdfb4747a7692a18e641acda9fb903edaf1415f725b9e18ce0ee

  • SSDEEP

    6144:zooTAQjKG3wDGAeIc9kphIoDZnCC8UQmM0d1tgrsU21nfzUC57JrszJWP6+:z6PCrIc9kph5IwFMe4kdg6VrszJWz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-01_276da61c4d795578ee4a8c3a4604e5d5_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-01_276da61c4d795578ee4a8c3a4604e5d5_mafia.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Users\Admin\AppData\Local\Temp\9B55.tmp
      "C:\Users\Admin\AppData\Local\Temp\9B55.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-10-01_276da61c4d795578ee4a8c3a4604e5d5_mafia.exe C4647040184F39C73830D43C4BB4A330E715374757571AD9AA6FE83CE595E8BD30E068B34C37971A0E6612FC7C87D46A4DF558E671511225C343691F38CF9802
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:1736

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\9B55.tmp

    Filesize

    526KB

    MD5

    05787cbe06ca09a1b3e895aa3dc8b442

    SHA1

    33bcf556c62210ec6e314a15dfabe88e6b0939f5

    SHA256

    d6b212e2886bfc47c516882b8bb9557adb0818ccb3ebd7be7af42811f57ac989

    SHA512

    096a167d7a2f3999f741b087c28eb02fc1d18c4ac70de58aea69d0277214c00d3d282e57de94cfc4b0c970e252f18ba5241af79462c78a32cebdfb6df99eb29f