Analysis
max time kernel: 93s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 04:46
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe
Size: 413KB
MD5: c604a8b9f061c869b2f1f698e2138d5e
SHA1: 75b10d40017b12ba18a36309165df99465922608
SHA256: 4f484642b50929c6dd27f5aa444f55d5db39313e7fcc1e84c300f7f6430164aa
SHA512: a7fc692f6eeb62595bead5dd60c9bd6b6d713490bac0a6ebcfdaec97452716c5e6a106a9f56b5b57e375d5354f05c1c23878aa61d46beb62c97b73ff7440adcd
SSDEEP: 6144:gVdvczEb7GUOpYWhNVynE/mFwV+Ao6btjIp3qVEXmeZwz76pPcGYqHg:gZLolhNVyE1VN7g3Vqz762GYqHg
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid | Process
  3476 | 3BA1.tmp
Executes dropped EXE (1 IoCs)
  pid | Process
  3476 | 3BA1.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4080 wrote to memory of 3476 | 4080 | 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe | 82
  PID 4080 wrote to memory of 3476 | 4080 | 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe | 82
  PID 4080 wrote to memory of 3476 | 4080 | 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe | 82
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe"
  PID: 4080
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\3BA1.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\3BA1.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe CF8CF241A65843A7E8AD3B4DF433E8442ADEDE13D0D3B4693E34A3FE73EB02F702DBFC58093E245AB0542A4344E4764CA5426D34592B6731F53B2D04594E77AF
    PID: 3476
    - Deletes itself
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 413KB
MD5: 35a3b326884e1b3f33a89510981e4702
SHA1: 559869754493af9356b3ef66a49d09efb41eb32c
SHA256: 404535292b30bf8009bedcba3d7a1d449a57c2b858e2eaed86074dda1f0d5bb7
SHA512: 2c067a53d9cd433e81e7a49494c327d423fb14b8e516b414155fa802a1b6edd0b62e26eaf222965173dd0d250d705fa45273b670eadc526525426d42663aa10d