306741ff4495851fe3d218d7950c98c2734ec6aefeb7c9edc48559b65de2981d

Analysis

max time kernel
0s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-11_8251503ea6d4c98caa346d81579ccec3_mafia.exe
Size

536KB
MD5

8251503ea6d4c98caa346d81579ccec3
SHA1

40447fef7f56f4c737a57902bded3a1ab7df5f0d
SHA256

306741ff4495851fe3d218d7950c98c2734ec6aefeb7c9edc48559b65de2981d
SHA512

a5849e8d350cca2782309d80ec6ea23ea481f459f3006ab6f5f676fe0694ddfc4a55e875d440307cbfec551859e5c7fbc7f9e4a5083f61fa5e68d614d3dc5fdd
SSDEEP

12288:wU5rCOTeiUYY6n29CjQoDfSfx6UQzlIfOp4OIZxVJ0ZT9:wUQOJUYT29CjQoDap6UrfrOIRJ0ZT9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2548	4BDE.tmp
4928	4C4B.tmp
636	4CF7.tmp
3264	4DB2.tmp
3176	4E20.tmp

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2548	2760	2024-03-11_8251503ea6d4c98caa346d81579ccec3_mafia.exe	85
PID 2760 wrote to memory of 2548	2760	2024-03-11_8251503ea6d4c98caa346d81579ccec3_mafia.exe	85
PID 2760 wrote to memory of 2548	2760	2024-03-11_8251503ea6d4c98caa346d81579ccec3_mafia.exe	85
PID 2548 wrote to memory of 4928	2548	4BDE.tmp	86
PID 2548 wrote to memory of 4928	2548	4BDE.tmp	86
PID 2548 wrote to memory of 4928	2548	4BDE.tmp	86
PID 4928 wrote to memory of 636	4928	4C4B.tmp	87
PID 4928 wrote to memory of 636	4928	4C4B.tmp	87
PID 4928 wrote to memory of 636	4928	4C4B.tmp	87
PID 636 wrote to memory of 3264	636	4CF7.tmp	88
PID 636 wrote to memory of 3264	636	4CF7.tmp	88
PID 636 wrote to memory of 3264	636	4CF7.tmp	88
PID 3264 wrote to memory of 3176	3264	4DB2.tmp	89
PID 3264 wrote to memory of 3176	3264	4DB2.tmp	89
PID 3264 wrote to memory of 3176	3264	4DB2.tmp	89

C:\Users\Admin\AppData\Local\Temp\2024-03-11_8251503ea6d4c98caa346d81579ccec3_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-11_8251503ea6d4c98caa346d81579ccec3_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\4BDE.tmp
  "C:\Users\Admin\AppData\Local\Temp\4BDE.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\4C4B.tmp
    "C:\Users\Admin\AppData\Local\Temp\4C4B.tmp"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\4CF7.tmp
      "C:\Users\Admin\AppData\Local\Temp\4CF7.tmp"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\4DB2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4DB2.tmp"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\4E20.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4E20.tmp"
        6⤵
        Executes dropped EXE
        
        PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4BDE.tmp

Filesize
536KB

MD5
8faa41cca941faab94d82beb67bdc31d

SHA1
54b1bd32d07ba1f16025b0ebf726294f03733b04

SHA256
830bc49719dc072ec2d387709b886c858ff94acdd4f5e0aba374ae470c015c3e

SHA512
2a7e6f412e3e527103992dd33279568d73eb53595d9a7fca45b60e1639395810df0c5ec0c009add88df53dbf32f2777294815aff98f3dbf985114eef121150b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\4C4B.tmp

Filesize
536KB

MD5
03beb3bc39f407ad4dc51b54d57a203c

SHA1
7abc6b7facc130b473691bbb812e707cc8559245

SHA256
189e19e3930b85ca5efcdaf9493acedaa97fc82abcae843cd528f66f4bad536c

SHA512
0114210be4019d61cf9a4ed456ceae6291772a581bd7b2de8a68e364954f42c089b9b6bdb06c1b1015fa9360f8a2371c22d9244d34cd2b8c62dfeccb170f7eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\4CF7.tmp

Filesize
536KB

MD5
17bfc5fbcaa7c48d16bbf2180b50fbc1

SHA1
2f790fad1bfe987a350fd09ea648f1835ad31e25

SHA256
ae9bf56b5105e641b0352b2608c3de96cfc283a691b8224fe75991e7e911e68e

SHA512
de275dd2cb1c7c30201472eb5d5202b90c3a897999a928c07440d3a1f75144fd6a3e412948c09a6088146f7a5225e95633b4dbb39507d45e355eab6d1d7b8075

Download Submit
C:\Users\Admin\AppData\Local\Temp\4DB2.tmp

Filesize
536KB

MD5
ecd440314ce64c8c8d54323364a97385

SHA1
277bec5aed440a27a62b84d2ceca06200641223a

SHA256
510e2803e53be72271ebcab983987dedab138f05c81d74c01b3d3990c4e42e47

SHA512
469f64fb07f9632a3485a128316f749c93e3b78e3878382fc5f80c990ead9862dd7f7063264f4ad31377cbd2b99682c0d574e1613920af3211c14383d08516ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\4E20.tmp

Filesize
536KB

MD5
a13727637e3e7426e4fa110cac6b07d3

SHA1
908ac0a44dc174ef6c895942be0ecc54da097a61

SHA256
cc40e8598f9c71f7fecaf61cb0bd27437b0f080567b3d0daaeca001c2e24f972

SHA512
fbfcb731bf5510b0dbd430c0419530e828ea7278288a80a81d5cde386cd586aac094b79f0425f54f50b4efdad6ddb1b1644254e2cc29eaccded2b10c31b666a1

Download Submit
memory/636-23-0x00000000002B0000-0x000000000033C000-memory.dmp

Filesize
560KB

Download
memory/636-18-0x00000000002B0000-0x000000000033C000-memory.dmp

Filesize
560KB

Download
memory/2548-6-0x00000000003C0000-0x000000000044C000-memory.dmp

Filesize
560KB

Download
memory/2548-12-0x00000000003C0000-0x000000000044C000-memory.dmp

Filesize
560KB

Download
memory/2760-0-0x0000000000180000-0x000000000020C000-memory.dmp

Filesize
560KB

Download
memory/2760-5-0x0000000000180000-0x000000000020C000-memory.dmp

Filesize
560KB

Download
memory/3264-29-0x0000000000570000-0x00000000005FC000-memory.dmp

Filesize
560KB

Download
memory/3264-24-0x0000000000570000-0x00000000005FC000-memory.dmp

Filesize
560KB

Download
memory/4928-11-0x0000000000690000-0x000000000071C000-memory.dmp

Filesize
560KB

Download
memory/4928-17-0x0000000000690000-0x000000000071C000-memory.dmp

Filesize
560KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads