Analysis
-
max time kernel
121s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:15
General
-
Target
2024-01-06_b950f94c3e8ca89dbf28f588f7ca3652_mafia.exe
-
Size
414KB
-
MD5
b950f94c3e8ca89dbf28f588f7ca3652
-
SHA1
2a041b0447453a63e52f44dcd3ada71b6034cff6
-
SHA256
edeb6dc71f3e4dfeca51614b9af1f329244667acae3fbdeadaa79a014afa72e9
-
SHA512
82d9b96cf428e99a7dbe818edb4667dec6c1b800223afa7829cb6afacd80624d6a37a7a3ebee66d59bc5b90182a833a3827d2452f7f6d7e15056b58c01e041d4
-
SSDEEP
12288:Wq4w/ekieZgU6hwtEFYJjt9bkm6PjcL/5lWkl:Wq4w/ekieH6mt+E8fPj0XWk
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_b950f94c3e8ca89dbf28f588f7ca3652_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_b950f94c3e8ca89dbf28f588f7ca3652_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6529.tmp"C:\Users\Admin\AppData\Local\Temp\6529.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_b950f94c3e8ca89dbf28f588f7ca3652_mafia.exe C0C84021C1BB19C06CB74068B3906C23A38C8F57BA8421DA81742A708D4B6D54CD177BAC0819811E0D2DE06C9463AF3381D39222171B96150F105B624B65D31F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
414KB
MD56e03a3afff695ace21eca26417bdf6e2
SHA11ac69be4046e7dc8a6042e8bf88781d9ba630b13
SHA25620db32910bf0b45205b01623257c422e03479e6cfa864e258e451903f15bbd4f
SHA51265db57283e031f2a18fa2a3a08b7c4e9e5a5d578fe022ce731bc3e8f78c19f3a76c56344bb77fb6cee6aed91d892247b523a1326bc3aedd993074822820e31ac