abe7eec07bdaaef2e36f404d9f12821d8bf5cdb69db9e833c64d7fd2ca5dab1a

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 02:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe
Size

476KB
MD5

67084a7559fa7e0a9e0edce2455e6a9f
SHA1

72238d993d9b40f398cd7f1f8b6e9b86e6674445
SHA256

abe7eec07bdaaef2e36f404d9f12821d8bf5cdb69db9e833c64d7fd2ca5dab1a
SHA512

99f742f0bc25e26673b9e05b51f7ed93e224bcb46a4eececd3f0e04f3334291d01c3b41c8ad6b45aad1f103059b8c0f48334a5ee7fc537dd2f2d0a95335d035d
SSDEEP

12288:aO4rfItL8HR9dKUvkPDtZxn49ARKFDszVVQ2em7K9wlsDpVFd:aO4rQtGRfMPDXeepg2x+9wlsDpVFd

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1552	441D.tmp

Executes dropped EXE 1 IoCs

pid	Process
1552	441D.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1552	2860	2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe	85
PID 2860 wrote to memory of 1552	2860	2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe	85
PID 2860 wrote to memory of 1552	2860	2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe	85

C:\Users\Admin\AppData\Local\Temp\2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\441D.tmp
  "C:\Users\Admin\AppData\Local\Temp\441D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-10_67084a7559fa7e0a9e0edce2455e6a9f_mafia.exe FFEB3B37DEAB8750675D6D8C226D03FD401750C4E4A4376C8BF7F01466A2007EB0AF0AD539DEF52B734B4D8853CAFD811B90625D9B3C89EA075CB201BA0983D3
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:1552

Network

DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

99.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.58.20.217.in-addr.arpa

IN PTR

Response
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

241.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.197.17.2.in-addr.arpa

IN PTR

Response

241.197.17.2.in-addr.arpa

IN PTR

a2-17-197-241deploystaticakamaitechnologiescom
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

99.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

99.58.20.217.in-addr.arpa
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

241.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

241.197.17.2.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa
8.8.8.8:53

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\441D.tmp

Filesize
476KB

MD5
e8dc545eb800b0cd64b1c742ecaa257d

SHA1
cd2345530274ca6e35efa377d83f7a3afca1d64d

SHA256
a8f56172329fb82ef3af85f03279fc050a31bea13379e4635108e73a59e88199

SHA512
561bf44ce4d8209b8afc34fd8bb28b25fe8ce3cf5e9505b76b7061c37ce6b64faaec65c0ef44ae6416c7e7a85c2fb97f6adb01ce0cae992e85e596e1676cb842

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.