Analysis
- max time kernel: 141s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-02-2024 17:51
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe
  Resource: win10v2004-20231215-en
The platform and resource listed above (windows10-2004_x64, win10v2004-20231215-en) match behavioral2, so the signatures and process tree below come from that run; the win7 run (behavioral1) is not shown on this page.
General
- Target: 2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe
- Size: 479KB
- MD5: d59ea4121ad9ec0c1c81f5ec74a26b91
- SHA1: 799d934e9ac4248c12654950e2ecbee697d6d6b0
- SHA256: 0c5ab1de4e0d41f19c161e5d3644033984d972c428bd42e70aced26f28076a0d
- SHA512: 9cf7fae830ec66952362281952d402529b37e78ac95fc2f57c977c040bc873db40cec59cf5bb90a1fcd88d7018970d9e979b0ccf34f680601706a04a041b7799
- SSDEEP: 12288:bO4rfItL8HAo2xcbh8mv8D+uU+fdF8OpmgF75UO:bO4rQtGATxct8mVL+fdaMVUO
Malware Config
(nothing listed under this heading on this page)
Signatures
- Deletes itself (1 IoC)
  pid    process
  4480   B2D5.tmp
- Executes dropped EXE (1 IoC)
  pid    process
  4480   B2D5.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    process                                                  target process
  PID 3148 wrote to memory of 4480    3148   2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe    B2D5.tmp
  PID 3148 wrote to memory of 4480    3148   2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe    B2D5.tmp
  PID 3148 wrote to memory of 4480    3148   2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe    B2D5.tmp
  All three IoCs point the same way: the submitted sample (PID 3148) writing into the child it spawned (PID 4480, B2D5.tmp). The sandbox recorded three separate write events, not one event listed three times.
Processes
1. "C:\Users\Admin\AppData\Local\Temp\2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe"  (PID 3148)
   - Suspicious use of WriteProcessMemory
   2. "C:\Users\Admin\AppData\Local\Temp\B2D5.tmp" --help C:\Users\Admin\AppData\Local\Temp\2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe 0D6F332B8D43CBCA7C08A07A66BCF75BDA3F037F61F59073DED5F4F4AEB90DF554EFF479EADE2324810231C7E1D837EBA78411A4EB8DF34DB38B51D8931A35EA  (PID 4480, child of 3148)
      - Deletes itself
      - Executes dropped EXE
Reading the tree: the submitted sample drops B2D5.tmp into the same Temp directory and launches it with three arguments: the literal "--help", the full path of the parent executable, and a 128-character hexadecimal string (64 bytes). The parent then writes into the child's memory three times. The report does not say what the hex value encodes, nor which file the child deletes beyond what the signature name "Deletes itself" states; confirm both by examining the dropped file rather than inferring them from this listing.
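The three signatures above are each a rule over a process event stream. The following is an added example, not code from the report or from the sandbox, that re-derives them from a constructed event list: it uses a simplified, hypothetical event schema (plain dicts with a "type" key), copies the PIDs, image paths and command line from the process tree, and adds a file_create and a file_delete event that are assumed, not shown on the page, to match what "Executes dropped EXE" and "Deletes itself" imply. It also adds one check the report does not list, flagging a child whose command line contains its parent's image path, which the tree above shows is the case here.

```python
"""Re-derive the report's signatures from a sandbox-style event stream.

Added example; not the sandbox's own detection code. The event schema is a
simplified, hypothetical one. PIDs, paths and the command line are taken from
the process tree; file_create and file_delete are constructed assumptions.
"""
import ntpath
from collections import defaultdict

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
DROPPER = TEMP + r"\2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe"
DROPPED = TEMP + r"\B2D5.tmp"
HEX_ARG = ("0D6F332B8D43CBCA7C08A07A66BCF75BDA3F037F61F59073DED5F4F4AEB90DF5"
           "54EFF479EADE2324810231C7E1D837EBA78411A4EB8DF34DB38B51D8931A35EA")

# Constructed event stream, in the order a sandbox would record it.
EVENTS = [
    {"type": "process_create", "pid": 3148, "ppid": 0, "image": DROPPER,
     "cmdline": f'"{DROPPER}"'},
    # Assumed: the dropper writes B2D5.tmp before launching it (implied by
    # "Executes dropped EXE"; the page shows no file event for it).
    {"type": "file_create", "pid": 3148, "path": DROPPED},
    {"type": "process_create", "pid": 4480, "ppid": 3148, "image": DROPPED,
     "cmdline": f'"{DROPPED}" --help {DROPPER} {HEX_ARG}'},
    # Three WriteProcessMemory calls from parent into child, as reported.
    {"type": "write_process_memory", "pid": 3148, "target_pid": 4480},
    {"type": "write_process_memory", "pid": 3148, "target_pid": 4480},
    {"type": "write_process_memory", "pid": 3148, "target_pid": 4480},
    # Assumed: "Deletes itself" read literally, B2D5.tmp removing its own image.
    {"type": "file_delete", "pid": 4480, "path": DROPPED},
]


def _same_path(a, b):
    """Case-insensitive Windows path comparison (works on any host OS)."""
    return ntpath.normcase(a) == ntpath.normcase(b)


def analyze(events):
    """Return {signature: [ioc, ...]} with one IoC per matching event."""
    image_of = {}        # pid -> image path of the running process
    created_by = {}      # normalized file path -> pid that wrote it
    hits = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            created_by[ntpath.normcase(ev["path"])] = ev["pid"]
        elif kind == "process_create":
            image_of[ev["pid"]] = ev["image"]
            writer = created_by.get(ntpath.normcase(ev["image"]))
            if writer is not None:
                hits["Executes dropped EXE"].append(
                    {"pid": ev["pid"], "process": ntpath.basename(ev["image"]),
                     "dropped_by": writer})
            # Extra check beyond the report: the child is handed the parent's
            # own image path on its command line.
            parent_image = image_of.get(ev["ppid"])
            if parent_image and parent_image.lower() in ev["cmdline"].lower():
                hits["Command line references parent image"].append(
                    {"pid": ev["pid"], "process": ntpath.basename(ev["image"]),
                     "parent_pid": ev["ppid"]})
        elif kind == "write_process_memory":
            if ev["pid"] != ev["target_pid"]:      # cross-process writes only
                hits["Suspicious use of WriteProcessMemory"].append(
                    {"description": f'PID {ev["pid"]} wrote to memory of {ev["target_pid"]}',
                     "pid": ev["pid"],
                     "process": ntpath.basename(image_of.get(ev["pid"], "?")),
                     "target_process": ntpath.basename(image_of.get(ev["target_pid"], "?"))})
        elif kind == "file_delete":
            own = image_of.get(ev["pid"])
            if own is not None and _same_path(own, ev["path"]):
                hits["Deletes itself"].append(
                    {"pid": ev["pid"], "process": ntpath.basename(own)})
    return dict(hits)


def summarize(hits):
    """Header lines in the report's own style, e.g. 'Deletes itself 1 IoC'."""
    return [f"{sig} {len(iocs)} IoC{'s' if len(iocs) != 1 else ''}"
            for sig, iocs in hits.items()]


if __name__ == "__main__":
    result = analyze(EVENTS)
    for line in summarize(result):
        print(line)
    for ioc in result["Suspicious use of WriteProcessMemory"]:
        print("  ", ioc["description"], ioc["process"], "->", ioc["target_process"])
```

Run as a script it prints the same four header lines the report would, with the added command-line check as a fifth. The self-delete rule compares the deleted path with the deleting process's own image, so a process removing some other file is not flagged; the WriteProcessMemory rule ignores a process writing to itself, which is why only the parent-to-child writes count.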
Network
(no entries shown on this page)
MITRE ATT&CK Matrix
(no entries shown on this page)
Downloads
- Filesize: 479KB
  MD5: a73a51af7eeaf09563c90abf631662b5
  SHA1: 9dd7dcbe1ac4f71bd8b18e9dd1f57ac67899e1fa
  SHA256: 5052b0df4b50983b7b613a1c33b9ae83fc1bff16f0738982d989f5518b89364c
  SHA512: 021e42cdee216e10f2acc524875ff430840d7151c982e81989c9f101ebde42737b4b267c6ec6bc62790f360cdd7ee12b06af1963a7032f4bb873fac6cf5ef852
  These digests differ from the submitted sample's (General section) even though the size is also 479KB, so this is a distinct file; the page does not name which artifact it is.