Analysis

  • max time kernel: 93s
  • max time network: 95s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 02/06/2024, 04:46

General

  • Target: 2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe
  • Size: 413KB
  • MD5: c604a8b9f061c869b2f1f698e2138d5e
  • SHA1: 75b10d40017b12ba18a36309165df99465922608
  • SHA256: 4f484642b50929c6dd27f5aa444f55d5db39313e7fcc1e84c300f7f6430164aa
  • SHA512: a7fc692f6eeb62595bead5dd60c9bd6b6d713490bac0a6ebcfdaec97452716c5e6a106a9f56b5b57e375d5354f05c1c23878aa61d46beb62c97b73ff7440adcd
  • SSDEEP: 6144:gVdvczEb7GUOpYWhNVynE/mFwV+Ao6btjIp3qVEXmeZwz76pPcGYqHg:gZLolhNVyE1VN7g3Vqz762GYqHg

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Users\Admin\AppData\Local\Temp\3BA1.tmp
      "C:\Users\Admin\AppData\Local\Temp\3BA1.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-02_c604a8b9f061c869b2f1f698e2138d5e_mafia.exe CF8CF241A65843A7E8AD3B4DF433E8442ADEDE13D0D3B4693E34A3FE73EB02F702DBFC58093E245AB0542A4344E4764CA5426D34592B6731F53B2D04594E77AF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3476

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3BA1.tmp
    • Filesize: 413KB
    • MD5: 35a3b326884e1b3f33a89510981e4702
    • SHA1: 559869754493af9356b3ef66a49d09efb41eb32c
    • SHA256: 404535292b30bf8009bedcba3d7a1d449a57c2b858e2eaed86074dda1f0d5bb7
    • SHA512: 2c067a53d9cd433e81e7a49494c327d423fb14b8e516b414155fa802a1b6edd0b62e26eaf222965173dd0d250d705fa45273b670eadc526525426d42663aa10d