Analysis

  • max time kernel
    148s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-03-2024 23:28

General

  • Target

    2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe

  • Size

    422KB

  • MD5

    6964d28d1afb337fe0f67c70fc1a9b4a

  • SHA1

    938eb760273498c6a43c107c5742f6d8edb181d5

  • SHA256

    1d391dfc3740fad8a513ad295855c45d5e251e9fffc7b6da2c822968c695d48e

  • SHA512

    bff1e86768b0d2ea4e1cb3ad63a0e1003eee643c104bd256aa8b0b3dd90dd8945f2bd6014d8db6a0a21dd8689e3a4156901be91ea521ee2859837c7bc36d60e1

  • SSDEEP

    12288:q44B8ekieZgUB8kq7yaNAkfBo6SCeUzEzylO:q44B8ekieHB8/3MCeUzEeO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Users\Admin\AppData\Local\Temp\7668.tmp
      "C:\Users\Admin\AppData\Local\Temp\7668.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe 70B9F1F53899075E443F7A5B5E51C7E40CE950A43854B925B597DCDA89B87898770EF00D0A4372329599D1EA1C062447F17506B92BFC223BDE8F8ABA8BDED0FD
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3404

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7668.tmp

    Filesize

    422KB

    MD5

    d7e96710d3eb94ff73ea2fed57c3676e

    SHA1

    48cf937f0229ddc64c910826a08b537dee59d168

    SHA256

    bb47759108b98994df497c7f50ce3167a6b554b4e02accb06626fc4fd404ab87

    SHA512

    5e566b48ffb90b74c836415b18c5ce84ad290837efaad9eaa5d324e23af145c17a6091fb1644da5d4f2f7578cf6366c733b577f4051165bb9de1c63b97fd13c6

  • memory/3404-4-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

  • memory/3404-7-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

  • memory/4792-0-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

  • memory/4792-5-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB