Analysis

Max time kernel: 148s
Max time network: 159s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 28-03-2024 23:28
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe
  Resource: win10v2004-20240226-en
General

Target: 2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe
Size: 422KB
MD5: 6964d28d1afb337fe0f67c70fc1a9b4a
SHA1: 938eb760273498c6a43c107c5742f6d8edb181d5
SHA256: 1d391dfc3740fad8a513ad295855c45d5e251e9fffc7b6da2c822968c695d48e
SHA512: bff1e86768b0d2ea4e1cb3ad63a0e1003eee643c104bd256aa8b0b3dd90dd8945f2bd6014d8db6a0a21dd8689e3a4156901be91ea521ee2859837c7bc36d60e1
SSDEEP: 12288:q44B8ekieZgUB8kq7yaNAkfBo6SCeUzEzylO:q44B8ekieHB8/3MCeUzEeO
Malware Config
Signatures

Deletes itself (1 IoC)
  PID   Process
  3404  7668.tmp

Executes dropped EXE (1 IoC)
  PID   Process
  3404  7668.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
  Description                        PID   Process                                                 Target procid
  PID 4792 wrote to memory of 3404   4792  2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe  87
  PID 4792 wrote to memory of 3404   4792  2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe  87
  PID 4792 wrote to memory of 3404   4792  2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe  87
Processes

1. C:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe"
   PID: 4792
   Signatures:
     - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\7668.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\7668.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe 70B9F1F53899075E443F7A5B5E51C7E40CE950A43854B925B597DCDA89B87898770EF00D0A4372329599D1EA1C062447F17506B92BFC223BDE8F8ABA8BDED0FD
      PID: 3404
      Signatures:
        - Deletes itself
        - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 422KB
MD5: d7e96710d3eb94ff73ea2fed57c3676e
SHA1: 48cf937f0229ddc64c910826a08b537dee59d168
SHA256: bb47759108b98994df497c7f50ce3167a6b554b4e02accb06626fc4fd404ab87
SHA512: 5e566b48ffb90b74c836415b18c5ce84ad290837efaad9eaa5d324e23af145c17a6091fb1644da5d4f2f7578cf6366c733b577f4051165bb9de1c63b97fd13c6