Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07-01-2024 12:17
General
-
Target
2024-01-06_d40604c28df7ae8c59dfeb9657d13594_mafia.exe
-
Size
468KB
-
MD5
d40604c28df7ae8c59dfeb9657d13594
-
SHA1
63f4ea5ad8db25aac335ad016eaa9b78824958d9
-
SHA256
30285735aef7fa5104455e7f304469bd681c8960c249a748f67e0ea4bf955a58
-
SHA512
e958e1d1e0d40fc2d07a3311d1ab11aad044c3b3fdaa06cc47e40d39ecbd6f691dd875182830e075d161cbb36e035363543c1b6ce874b0f8246d3091aa44254c
-
SSDEEP
12288:qO4rfItL8HGr/20jO4uUrM6tEZczP7bWmeEVGL:qO4rQtGGr13I6uSPumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_d40604c28df7ae8c59dfeb9657d13594_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_d40604c28df7ae8c59dfeb9657d13594_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4343.tmp"C:\Users\Admin\AppData\Local\Temp\4343.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_d40604c28df7ae8c59dfeb9657d13594_mafia.exe DFE67C557846CE2B86D2F276E5989D81694129B4059CCD79D8F379A5F2DA7DEDCB41B069E1F52F5B8EFEB73629EF0D3123C61DBC9D3B7A2A70B1F68BC552E2032⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD59755ebff18cdbb4a76774fd41752e8ed
SHA193ee75a9242a145b5a029b85b906fcf92ba5a28b
SHA256088486ef1c774e77ff9fdf057ffb81e203b82a45fbb8ecc9b9b0ae03f3bca17b
SHA512c9d52c9e32c7655d9acf62e639ee7649bbaa448ebfcbae049902dd6fcebc3c9dce90afe36609d4d157a986b4c55c8d543c1131233b0169362eb3fb9d9d3352ea