Analysis
-
max time kernel
146s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07/01/2024, 12:13
General
-
Target
2024-01-06_8ff795df7f9f4f72fc20955c9d64994c_mafia.exe
-
Size
486KB
-
MD5
8ff795df7f9f4f72fc20955c9d64994c
-
SHA1
efa195046ec3698e6ab46b0b988fd6dba1462b5e
-
SHA256
446e79905daec9395244394037cee562c58fc5b85f1d2c2428e1eab16076e578
-
SHA512
9d7aa2808a6fdc94e782f47f34518335f4930ac8534002d3e453b7fefccbd040be5907a1ecccd9cbf647100b08b3da5d6ae9bbc70ae66e9b6116ca8ad3dba6fa
-
SSDEEP
12288:3O4rfItL8HPlZ9i2HqCXB3ETlSrZe7rKxUYXhW:3O4rQtGPfM2HNXB0pie3KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_8ff795df7f9f4f72fc20955c9d64994c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_8ff795df7f9f4f72fc20955c9d64994c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\42F4.tmp"C:\Users\Admin\AppData\Local\Temp\42F4.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_8ff795df7f9f4f72fc20955c9d64994c_mafia.exe F458D36A95D8AA17529513B57B0CCBE810EFC5B836FEF34E1DDB6BB7853B4EE18F289DC2DBF92F63A5E30DC0A2AAEB18F73181E3AEEA6553600113F66D0222E02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5361c314ba4520aa56c96bb7f9251bd0b
SHA11279dfc4ad7cc3ca6b7d393f1bde729b04019373
SHA2564db57938c28a754d242fcd6c67dff551f804765a0a91daec5409b5b2e664cb12
SHA51272d4c07150540d5b23431779f4bf7a7504189cbaa7fcb388291fac88ceb5dde7af3b7b5f48c77193377c3d2f672287eb1ba597a48ee30953babf1f5229ee9427