c5f4e78ff8add0f4c0636739e863a1461f9f29178e3675dc54388dcbeb1b157b

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe
Size

428KB
MD5

a5684da5fb004069a2b821a13f6197c6
SHA1

3b9a8a9c2df369fcaf43b386142906e3bc16f726
SHA256

c5f4e78ff8add0f4c0636739e863a1461f9f29178e3675dc54388dcbeb1b157b
SHA512

e19ce28e9b7f4bed2c8aff3b2507e70dadeb1f75bedeba9b9e5d5e0f60b7d5a63e31b92ff6f681727827701f661f9a902ba541bd045767e28f2b81893f10e23c
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFhUHb8TOxgd3TXpSaiMGWcp2lluFddvmrqHR:gZLolhNVyE/IyxSTga7GWcwaddvYqHR

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2772	687E.tmp

Executes dropped EXE 1 IoCs

pid	Process
2772	687E.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1556	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2772	2568	2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe	88
PID 2568 wrote to memory of 2772	2568	2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe	88
PID 2568 wrote to memory of 2772	2568	2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\687E.tmp
  "C:\Users\Admin\AppData\Local\Temp\687E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-25_a5684da5fb004069a2b821a13f6197c6_mafia.exe C4E660FCFA75188B85E3C4C302111928F4C07D6852F45CF1AF583B725DEF917E7134B55AD28049407ACDE25D6B0427738F3FE3EAF8FF72DCCD42E1B00B83A920
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2772

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1632

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
ce659a593cc554698d7080aa6300ad4f

SHA1
c3bab9492e4c43bea2f9c9bbacfd82c363c69e1b

SHA256
f7f3ad6e308ec7f5b403a03e425be11f8bf2f3d347e62f71a00e8aa17305a4d2

SHA512
25bf664916bd274ba71e85c92427181bfe43cfb59bcd6a4e0df82ca48d8b484e5ddd295e26d481cd0f6bd7f506fa5cd587622bfbd9bb157305d35ccf8038ad6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\687E.tmp

Filesize
428KB

MD5
7a874b4ad47556c099d15ef03a4194a5

SHA1
7d18b277237c9153d73f14c0a4a4bdff0a8c8afb

SHA256
a871a71df19e425bc8ff44cf103085cf32f79aab1842036c746b9f45f631e53b

SHA512
c5df5fda04af4fd94b69995942da7c9e6acbea635244cc526c03b0e92c3a121c244946bf1550badc589097c499ccb191bc34728a93cdc19b403c2f8558f3c11a

Download Submit
memory/1556-45-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-46-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-37-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-38-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-39-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-40-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-41-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-42-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-43-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-47-0x00000293CA800000-0x00000293CA801000-memory.dmp

Filesize
4KB

Download
memory/1556-36-0x00000293CABB0000-0x00000293CABB1000-memory.dmp

Filesize
4KB

Download
memory/1556-20-0x00000293C2640000-0x00000293C2650000-memory.dmp

Filesize
64KB

Download
memory/1556-44-0x00000293CABE0000-0x00000293CABE1000-memory.dmp

Filesize
4KB

Download
memory/1556-48-0x00000293CA7F0000-0x00000293CA7F1000-memory.dmp

Filesize
4KB

Download
memory/1556-50-0x00000293CA800000-0x00000293CA801000-memory.dmp

Filesize
4KB

Download
memory/1556-53-0x00000293CA7F0000-0x00000293CA7F1000-memory.dmp

Filesize
4KB

Download
memory/1556-56-0x00000293C1FF0000-0x00000293C1FF1000-memory.dmp

Filesize
4KB

Download
memory/1556-4-0x00000293C2540000-0x00000293C2550000-memory.dmp

Filesize
64KB

Download
memory/1556-70-0x00000293CA940000-0x00000293CA941000-memory.dmp

Filesize
4KB

Download
memory/1556-68-0x00000293CA930000-0x00000293CA931000-memory.dmp

Filesize
4KB

Download
memory/1556-71-0x00000293CA940000-0x00000293CA941000-memory.dmp

Filesize
4KB

Download
memory/1556-72-0x00000293CAA50000-0x00000293CAA51000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads