Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
03/06/2024, 10:37
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe
-
Size
428KB
-
MD5
9f183008f0176f29283a7a85d5002bdf
-
SHA1
bb659ad6dde32f0e112676eb7b3ea0c376080f2c
-
SHA256
895989bd2c8a9a4315cbb2039d2aa9ee9d1c1791d4a7fb1cd8bdd2d625aa280e
-
SHA512
1660340de9d84eccce0c8b20a24bdc6fe0460c04b64e9c17140e79537011319b7e2a58cfa2917e103df691f9e7dea68bb5ebbc29fad0d1d3e04063f973032802
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFrgmB24q048jlP06nh66iuLbg+4qHR:gZLolhNVyE5mU4Ljp+6ZgJqHR
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 4620 251C.tmp -
Executes dropped EXE 1 IoCs
pid Process 4620 251C.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 1424 wrote to memory of 4620 1424 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 81
PID 1424 wrote to memory of 4620 1424 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 81
PID 1424 wrote to memory of 4620 1424 2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 81
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1424 -
C:\Users\Admin\AppData\Local\Temp\251C.tmp"C:\Users\Admin\AppData\Local\Temp\251C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-06-03_9f183008f0176f29283a7a85d5002bdf_mafia.exe 60EAAEFD2B4B09EFD524258D1FBD124396054F85C245663F5D78C6FC2C126B18D6552B1BE049A1E54DCE81FFE88FC3C0343D0D34C2868515D2A170716DCFBDC22⤵
- Deletes itself
- Executes dropped EXE
PID:4620
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
428KB
MD5
886bbd4ac8d5119a185fc7197113eb95
SHA1
f8a9bb07e2c12aa6b685fdaa86adac08765d1d31
SHA256
5b84d6dec4c221cb109f48f387f3d990d37ce5ec7eb3d736c2f30ebcc0249754
SHA512
f3180b6f2a7b0208c8cda43cc4e8972e9b317c262b76e53fd7a143a2a522f51a3ae888dc2094d7112bcf51cc15518f8874b154e7fc9f7ba6d138ea1279f2b488