Analysis
-
max time kernel
111s -
max time network
210s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
09-04-2024 22:30
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe
-
Size
428KB
-
MD5
c8843800144e6b59cd5097dae3529d35
-
SHA1
c9c325b3387156e5fd111562f55b43b062b98415
-
SHA256
90bce085c2adbadc92392d628504ebd07d27d8dd59b3bbbf282299d5ea37d829
-
SHA512
9c876cac6916146f0c14fd39c69a496079c9b7f0ba83e33aebf172d8d926105e94cf52b00f443ec22f6475558def349a5431e92c1485c312196a134a7f993146
-
SSDEEP
12288:Z594+AcL4tBekiuKzErE6TkMdk4Mp51EUpUta3iwNJWl:BL4tBekiuVrPkr1EEEj
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid | Process
4216 | 214E.tmp
-
Executes dropped EXE 1 IoCs
pid | Process
4216 | 214E.tmp
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3184 wrote to memory of 4216 | 3184 | 2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe | 85
PID 3184 wrote to memory of 4216 | 3184 | 2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe | 85
PID 3184 wrote to memory of 4216 | 3184 | 2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe | 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:3184 -
C:\Users\Admin\AppData\Local\Temp\214E.tmp
"C:\Users\Admin\AppData\Local\Temp\214E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-09_c8843800144e6b59cd5097dae3529d35_mafia.exe E59A6C3193DD09A27E0C2BF9F26AB05AF0D623ACC5804FE43230817D2A9846EF3FA6F275F7EB904018A6202C604D8A420383D66F6F813FF85F88FEE20AB1B424 2⤵
- Deletes itself
- Executes dropped EXE
PID:4216
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
428KB
MD5
d7154c14adfc7e8544b347ca25e4800a
SHA1
ec6f5176eb46a321a27d58fa6252ad9653ebef50
SHA256
ccb1ba8c5cc3f2745c237d3db3f0939cb3d00f473b0e7999a34c57851d78fa9d
SHA512
9313bf0c4576ba71a1ca00f2ebda1f3fe438ab30c5cd791f432e0e8f4964ba65cd272ed8f9f3d63fa6cf26fd5dd6c62aa42ee25d044d624964beab912cf51226