Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
05-01-2024 05:41
General
-
Target
2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe
-
Size
384KB
-
MD5
494059e8e07e2cf627bd89442ebae016
-
SHA1
19eb8a065b07eae732e42e049acc728d97c5b9dd
-
SHA256
769943d54c661aac28ab5ea679627fc52e2d619aa4b0471485133f3b3b37def8
-
SHA512
8b28c8d7cae070912b35d8c6348b7de95dfbfb8731bb8fb44b6add63b8f0c53cd16fb6844b3260da62a0fa502c9344f16ab42268bcf6e181c4739be66d50b2bd
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHODjWl1zIeRtpeV4GGQOSnsEKAOOZ:Zm48gODxbz9zcPmSnsExOOZ
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67A9.tmp"C:\Users\Admin\AppData\Local\Temp\67A9.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe CB6182F7A2BFD2CC47B1CB822A84C74B1293430C583DB61A1436A821AF979B09368AD385F7F8842615285CD7FA3DEA4AFF32E06C1D1EE607D35954A85541FD7A1⤵
- Deletes itself
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD513cf1104348c419bf3778b49e5d9aefd
SHA168de3b914c5c57c76af8fcfa0f4a50082c543c45
SHA256c798f689e665533d1c9626e9de08bc418cb5273a4dde0b56a6a7bb2b5795e190
SHA512877d687f32f3df12400413ab46f8ba9069a75fd14ca0f396e477490dbc098d13af10949c6d8b1e7d39e65f2e868f48f2d04802d9eba43438cf1c933d41214e96