6ca9469280695776acd9418c22cde836dabccc02c6fe1894c14c5508221d1f2f

Analysis

max time kernel
144s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 01:26

Target

2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe
Size

428KB
MD5

2d014afe36b8ebd6daf742b38243e7d5
SHA1

10dd02f9544c7ed5dfcfea7d513c8dbe9baafd84
SHA256

6ca9469280695776acd9418c22cde836dabccc02c6fe1894c14c5508221d1f2f
SHA512

d3221e83ccb5dc84c8a4a00e9a99e9c2cf7851726bf386a6535caa471d06d6d443d07ceb4949e7f15d1223d299652c7ae50a8bda16c495ce0b1941f2dca22934
SSDEEP

12288:Z594+AcL4tBekiuKzErvZeIkVTx7uyBcx9KJbl:BL4tBekiuVriNfyKl

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2144	DDDD.tmp

Executes dropped EXE 1 IoCs

pid	Process
2144	DDDD.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2144	1556	2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe	96
PID 1556 wrote to memory of 2144	1556	2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe	96
PID 1556 wrote to memory of 2144	1556	2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe	96

C:\Users\Admin\AppData\Local\Temp\2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Users\Admin\AppData\Local\Temp\DDDD.tmp
  "C:\Users\Admin\AppData\Local\Temp\DDDD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_2d014afe36b8ebd6daf742b38243e7d5_mafia.exe 6D6F70C15FBFE02C162DD22100D078762AF75EA082EE4BF02FA615B8EC58DF2C5C56E88E0478FB5DC3CC45159DA6F329AD37E2A25BCDFD1F88D9073A84A0906E
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2660 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\DDDD.tmp

Filesize
428KB

MD5
092602b87427ef2f8368560d4032acb2

SHA1
9f770707a42bcc5e99a3aac259b49c5704075359

SHA256
8416432668675c8adb84ec70ff1361a3be96cd8b40d5130b6610399d123daa18

SHA512
3d09bc4696abea9898649bf9c69c4a8f0f98bec1937d2fca412577445673bccb30152689203add8e95e83d60f874fa14ab6ca319cdd2b1a371f6061cf8d86fde

Download Submit