96b71e0100fbd340ce544a9cdd524e7fa6540b4994fb113dfe1f10fcff9b6b94

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe
Size

1.2MB
MD5

9c3ec506c6698e1701f42c9aaff52148
SHA1

80e3228f5b3cd1d40ac88cb78d588768fb3a8eb1
SHA256

96b71e0100fbd340ce544a9cdd524e7fa6540b4994fb113dfe1f10fcff9b6b94
SHA512

98a5b9edd58abc1aa56fadab4d985ec289dbeaec36fe2013f9452e1cd577a6daaac29cfbb8191e3b5b26fc2ba478c75ecdcb5a346c44e1a417079e29e997d69c
SSDEEP

24576:ZPx2Qnyr4NvGXVT/H2HCmUykZgV88UAeK4bFo7aYwsWNqDqbNQoC8R:2Qnyr4NeX5/2HCmUykuieeKQS7aY0NmA

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5012	NFWCHK.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4780	9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe
4780	9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 5012	4780	9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe	87
PID 4780 wrote to memory of 5012	4780	9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe	87

C:\Users\Admin\AppData\Local\Temp\9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe
"C:\Users\Admin\AppData\Local\Temp\9c3ec506c6698e1701f42c9aaff52148_mafia_JC.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  2⤵
  - Executes dropped EXE
  PID:5012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsWAE.log

Filesize
1KB

MD5
b76d201d301670ff257e89992d44ab99

SHA1
beb2d1f4d09ad7fb2993ca209bb8e25a4c0b817d

SHA256
a188d3993f57e569e5bdbb942b0f0d54474e4992e6a7b5582a33286005bf1502

SHA512
28644b9f91fc8845c9b193591428fd90529e40154a50f5a15180ee55e1f7aabe9d30238f7fb0570ff7edacb1ec582b5968b9f4bf840d006bcc0a87fa53c53229

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
1KB

MD5
ef5e08b73501f3b9d6c7e3438a44017a

SHA1
4e6ce48b16603301422cbaa670fde3c64f862ab1

SHA256
52dfbc5816fe0d0e1d690abe2e5191dc17a54c1cf77d9229fb5655fa75b9b951

SHA512
57db51386028d9e867190e00fcd7134239718d0e175d391705b7b704f3f7a55ea2a9e11eeed5622e4c56c5636bae53b922aefc48eb1dabf41d9f8a2dfd89a50c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
7KB

MD5
eb931488b291929c8d4c4a850f76d45a

SHA1
2fda639751cb636c3aedac453eac295ea6b58ecb

SHA256
5e877417ebe3b697e47eb69c95b05ca606d87365504cc2207c32ac7afdeedaa8

SHA512
fd798385f4cff633d42b0d15483d1a5d4ff4ddb64da5c50c6ebda9db0e5beef64593f76d9574c8ba98bd5c5370cf077a8bb52dd773aed6970aac1c38f9aa9456

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
7KB

MD5
6e12793707c7d65b954df1f708042312

SHA1
90cc6b0362f73fdb676bda9066de49508478c806

SHA256
bf49981f9cb16f648cd7f1b8ec17379456bda6979d71b0da488849cc3d6e0ac8

SHA512
d013bd70744f0e0e96d9f4fbb8e75dd148a021b2111415f1b61995f4f3dab75e014e19fda6f6b23c206b055f7f9838167e75ca44d22eb1096a66e2c7186812f8

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

Filesize
229B

MD5
ad0967a0ab95aa7d71b3dc92b71b8f7a

SHA1
ed63f517e32094c07a2c5b664ed1cab412233ab5

SHA256
9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

SHA512
85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

Download Submit
memory/5012-1081-0x0000000000C40000-0x0000000000C50000-memory.dmp

Filesize
64KB

Download
memory/5012-1085-0x000000001B9B0000-0x000000001B9F9000-memory.dmp

Filesize
292KB

Download
memory/5012-1080-0x00007FFB39B20000-0x00007FFB3A4C1000-memory.dmp

Filesize
9.6MB

Download
memory/5012-1078-0x0000000000C80000-0x0000000000CA4000-memory.dmp

Filesize
144KB

Download
memory/5012-1082-0x000000001B1F0000-0x000000001B210000-memory.dmp

Filesize
128KB

Download
memory/5012-1083-0x000000001B210000-0x000000001B51E000-memory.dmp

Filesize
3.1MB

Download
memory/5012-1084-0x00007FFB39B20000-0x00007FFB3A4C1000-memory.dmp

Filesize
9.6MB

Download
memory/5012-1079-0x0000000000CD0000-0x0000000000CE8000-memory.dmp

Filesize
96KB

Download
memory/5012-1086-0x000000001BA70000-0x000000001BAD2000-memory.dmp

Filesize
392KB

Download
memory/5012-1087-0x000000001BFB0000-0x000000001C47E000-memory.dmp

Filesize
4.8MB

Download
memory/5012-1088-0x000000001C520000-0x000000001C5BC000-memory.dmp

Filesize
624KB

Download
memory/5012-1089-0x000000001B940000-0x000000001B948000-memory.dmp

Filesize
32KB

Download
memory/5012-1090-0x000000001C920000-0x000000001C95E000-memory.dmp

Filesize
248KB

Download
memory/5012-1092-0x00007FFB39B20000-0x00007FFB3A4C1000-memory.dmp

Filesize
9.6MB

Download
memory/5012-1077-0x0000000000200000-0x0000000000208000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads