Analysis
-
max time kernel
162s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
05/01/2024, 05:41
General
-
Target
2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe
-
Size
384KB
-
MD5
494059e8e07e2cf627bd89442ebae016
-
SHA1
19eb8a065b07eae732e42e049acc728d97c5b9dd
-
SHA256
769943d54c661aac28ab5ea679627fc52e2d619aa4b0471485133f3b3b37def8
-
SHA512
8b28c8d7cae070912b35d8c6348b7de95dfbfb8731bb8fb44b6add63b8f0c53cd16fb6844b3260da62a0fa502c9344f16ab42268bcf6e181c4739be66d50b2bd
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHODjWl1zIeRtpeV4GGQOSnsEKAOOZ:Zm48gODxbz9zcPmSnsExOOZ
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CF32.tmp"C:\Users\Admin\AppData\Local\Temp\CF32.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-01_494059e8e07e2cf627bd89442ebae016_mafia.exe 7166FF2166BFF252A60EA99B09DB6313263FADD9824B38CDC1D00C320302C2AAA220B971977CE248866DA3870E594DDCB73F25215247E14069DA222C6249A75C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5814485e31f2a11206a5fc0e4b8c0f0ef
SHA11ae87e1050152fb9cc8c55e2546f267e8b17f44b
SHA2562c5012267f84f7d434d20c47ac26d8561b5514c451487fece2a4f06845b90a49
SHA512be42fbefa7b19c57f9e9e52b130b77b79c32b803d64088af81716b41fd193a963e3f386b7e4517beb1b423cc97a788d7ee58e03e22969e4e7a6a622ab96e7007