b79c5ae4d65430469879ae59389e855df50cf46ae29cd4c8549c5550266cef5d

Analysis

max time kernel
115s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 12:41 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe
Size

444KB
MD5

ae4d6bd1f97680fadb72335675c93b9e
SHA1

b80ddf925a32cb108a59123213fe00f63b1cbf13
SHA256

b79c5ae4d65430469879ae59389e855df50cf46ae29cd4c8549c5550266cef5d
SHA512

ef0b964a23ff2dbfd44737827c9a69123255de18f2478148a911e32ede3ca1974f75881c37f3f81eb2e1b6f477e83991fbd8c71272b1eadc5d9f3cbb5544eb07
SSDEEP

12288:Nb4bZudi79LDFI4wSCoelxv/hrgIcdguIxA:Nb4bcdkLDfwSCoAx6

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2128	7474.tmp

Executes dropped EXE 1 IoCs

pid	Process
2128	7474.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 2128	4784	2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe	92
PID 4784 wrote to memory of 2128	4784	2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe	92
PID 4784 wrote to memory of 2128	4784	2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe	92

C:\Users\Admin\AppData\Local\Temp\2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Users\Admin\AppData\Local\Temp\7474.tmp
  "C:\Users\Admin\AppData\Local\Temp\7474.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_ae4d6bd1f97680fadb72335675c93b9e_mafia.exe 9970FD211FE7633AA7AB04F2B738107DCD9735A7506BAA158F73F6A3AA2EF9D36E2C718F4F085B8BDD39C6D710A43E3E66FD84E51F3FD62295354D1DA7FA8711
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2272,i,11831746627654527593,10138103687018060346,262144 --variations-seed-version /prefetch:8
1⤵
PID:5008

Network

DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

190.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

190.178.17.96.in-addr.arpa

IN PTR

Response

190.178.17.96.in-addr.arpa

IN PTR

a96-17-178-190deploystaticakamaitechnologiescom
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom

13.107.246.64:443

46 B
40 B
1
1
142.250.200.10:443

46 B
40 B
1
1

8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

190.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

190.178.17.96.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7474.tmp

Filesize
444KB

MD5
0b6b6f9d44e07edbf150f6df3d6c9c73

SHA1
3e6a8e5b1de133f064dda231f7d89e6cce6c15a0

SHA256
e4b9734ae19d5c994ae2ef7cb9b85b25baf77e06413fb2d203e0bd8285dfbd8a

SHA512
95356505321e7061a99c087fbd371e03dcf00f3ad3105a5909ad99d458a47d91ecb0ca26058c061517369e8e8dd4e857be718269341710d660dcf52c84703fdd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.