Analysis
-
max time kernel
137s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
19-02-2024 16:38
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe
-
Size
468KB
-
MD5
737541d5b664f5c1dc5cd7716cdc81b6
-
SHA1
73bd0b575bcd1f0abeb67e865c7825c730a32a22
-
SHA256
0251e86099b655b271e313eea9dc6d198c8aef14431bf56d43b0d8d8b2922e12
-
SHA512
96e1ad8ccf68f07c8566cc1181daf9e80ab779411e0b2675f7d4ad4e9c32063a9f862a0b5f676e42a00533ed5b514b6dbcfc2c99715ed1794833bb1314fd0c75
-
SSDEEP
12288:qO4rfItL8HG4A7F9VTq74KYP4sIpYeZzwLatbJ7bWmeEVGL:qO4rQtGGtFvqkKYP4jpxSMlumeEVGL
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid | Process
4324 | 3728.tmp
-
Executes dropped EXE 1 IoCs
pid | Process
4324 | 3728.tmp
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4504 wrote to memory of 4324 | 4504 | 2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe | 83
PID 4504 wrote to memory of 4324 | 4504 | 2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe | 83
PID 4504 wrote to memory of 4324 | 4504 | 2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe | 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:4504 -
C:\Users\Admin\AppData\Local\Temp\3728.tmp
"C:\Users\Admin\AppData\Local\Temp\3728.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-19_737541d5b664f5c1dc5cd7716cdc81b6_mafia.exe A73F675931C260BE9D50E1983D475060B7468C95925088C0293181184DDCC1D635E799D4B4C9A7E8B3E2E505759A7092BA75616F9CF1482E9ECDC87D1369D176 2⤵
- Deletes itself
- Executes dropped EXE
PID:4324
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
468KB
MD5
d973cc19b7e3ba48eb93e06384bd67fa
SHA1
937d598c182b256dc065ff95c32f3908bd1b9ff4
SHA256
c9dd69b5bd0a7b3ebcd8d405b4f9a91b2a22b3c5105de22c1a42382244e78514
SHA512
cb35ebb8251ec10e11f17a2ab83fce02b08fcbda1ef9de1cf50faf76bc32a0449373a4379c1fcc72ebc65e6da248bed17b100a93df89dfc7c8c253a4d94c887c