Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-01-2024 12:10

General

  • Target

    2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe

  • Size

    486KB

  • MD5

    64304c9ecb939abf62d07438b242f93e

  • SHA1

    4a3b5d2018f6af0c810ce3cf617376e9b158050a

  • SHA256

    aa621d3b021344da9b398bd12b967323b129ac21651d99e7e04987075bdb83f3

  • SHA512

    d34d5d36adc43b935bd112b53775f6c5c025d799066f154c48c431306f84ebbe9f9922514709cbd67778772eaca3cd0ac0da6e34305335b253333ca51605d7c0

  • SSDEEP

    12288:3O4rfItL8HP3qJonql5e5/uABz9cNMykET7rKxUYXhW:3O4rQtGPFnql5kmkBcpkET3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Users\Admin\AppData\Local\Temp\73AA.tmp
      "C:\Users\Admin\AppData\Local\Temp\73AA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_64304c9ecb939abf62d07438b242f93e_mafia.exe D847BED8655E5917EF1CFABB76D826F6E3C3901AC67913C60DEDF4DCEE09F22A3C5375CBFC2755612E9D85D498D98E692265852CDE7FFEE3C4C9693C1110A6F6
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2468

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\73AA.tmp

    Filesize

    486KB

    MD5

    301a2d514124397539fc7e5350b0b6df

    SHA1

    f966b1aebc494e0f12e81395eaae775677dea8f2

    SHA256

    6057922ecc012d5e5aceb1a83051acd6dc37354be0c31aa7092e20d8d484633b

    SHA512

    59053f0404eb4d4adca032ba9a625a90ff4507ab93c8a505b4792698aeba25d4b65bb4c5ad369049cbc456782754999e091da7ec1ef035a513d6c0ecb8e816be