Analysis

Max time kernel: 92s
Max time network: 104s
Platform: windows10-2004_x64
Resource: win10v2004-20231222-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25-01-2024 17:44

Static task: static1

Behavioral task: behavioral1
Sample: 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
Resource: win7-20231129-en
General

Target: 2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
Size: 433KB
MD5: 2db203ba8871d47fec9c4f8079dcb8b6
SHA1: 58d74c2abe004faf8f27644db3e34d5942c2c0ba
SHA256: fd130e26ebeb994c6f23162a37f4f91ecec4bf7aacb726a424b9377bd62716f8
SHA512: 2ab1a64381d9afafcf33fc51cd366b3bd69c8860a0448d44092db76d3efaeec0d887b4f3763e0971d5a3b9dfe210ea59a5d4019e10d2216c7dd91a090192a6cd
SSDEEP: 6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvx0apoN9CmqPx/CW9h22rshFZx5Q0YloHiKy:Ci4g+yU+0pAiv+MOCW1shFz5RIrn
Malware Config
Signatures

Deletes itself (1 IoCs)
Processes:
  pid   process
  784   4798.tmp

Executes dropped EXE (1 IoCs)
Processes:
  pid   process
  784   4798.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid    process                                                   target process
  PID 1648 wrote to memory of 784    1648   2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe   4798.tmp
  PID 1648 wrote to memory of 784    1648   2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe   4798.tmp
  PID 1648 wrote to memory of 784    1648   2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe   4798.tmp
Processes

1. C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe"
   - Suspicious use of WriteProcessMemory
   PID: 1648

   2. C:\Users\Admin\AppData\Local\Temp\4798.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\4798.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe 1BA3765297B8E0C047DCBABDCB05DBE5B7CA4552837FA08B96FC3B597EDB6742647D880ED730A1E446D726C97F2620478AC9C696917F08F211CE5FFB89C3B1A6
      - Deletes itself
      - Executes dropped EXE
      PID: 784
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 260KB
MD5: 48e9014ca8581ae159e96a694fd4e93e
SHA1: d38ec826197a67ba1e590f8372d913c8de4c000c
SHA256: fd0bb5d5436eac26de1b5962e00c07df06e56e8aab2ebfd1316e089398da9048
SHA512: d42c33bdfe930a15c9a71c4bf0a07e229b5c2ffb7d02100d2339ce1e51fafb96976c98e21539560261833cdecc2e62e6c45b8de5a0db873083f903e88955177a

Filesize: 397KB
MD5: a1874aa449fe10dcd1cd3c49e3d8b871
SHA1: 797b5fe1d615078800125024045b365844802fff
SHA256: 892addec3a4593f72ea317fefa93390dc85509714df35afa5dad51199cda0b39
SHA512: ccc0fb34e8ad20ac163734d1912031a03dcd58a543baaf9ef0c829bc4102590b020615ea003e7f219e0fee86a3bb99657c0396842ab5cec091cde971498c8a2d