Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
10/01/2024, 05:51
General
-
Target
2024-01-09_2a1222dc21f5628221182f4c966b6d19_mafia.exe
-
Size
384KB
-
MD5
2a1222dc21f5628221182f4c966b6d19
-
SHA1
792f61b96abf6133395c7a8b0b0ef937e9c63410
-
SHA256
9d6cdaf62d844baf2e4cc4b50457076bf1bdeffa82a3ce60e5acaaed8af527cd
-
SHA512
22e7bbeb12939645a26999e72fb3f73f56fd6ce3e5d47284680c632de9c9654da0ae2005e4eda786efb6803f51148026c34387834e7f5dc8bdbf00839aa685df
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hH06EixRmv0OdHO1PFFGX5IATKHGwZOlC/hQbZ:Zm48gODxbzCrvdKdFC5RT0L0lohUZ
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-09_2a1222dc21f5628221182f4c966b6d19_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-09_2a1222dc21f5628221182f4c966b6d19_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1304.tmp"C:\Users\Admin\AppData\Local\Temp\1304.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-09_2a1222dc21f5628221182f4c966b6d19_mafia.exe 74C2983978F543C99C3B362BF128A4A273575054943E446B4FE94F968D6905E048D92016F9341E37EB63B5DF9821638A44C93F2856CAB694797B595232C122C72⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD56d7870e488984444108eaba75db54b87
SHA1b44f1e8e735f4039c1aa0073383205b355da0bb6
SHA256762c7d5156148c0002c598eb245398a9e7c7abeea8e5330f780b39b8213d657d
SHA51291c03082353277817abdf0ea13eb760534ab20f31fec6c1bea3f7cd4e17c6731829c4211bf283ce8e446d792fd26becaeccfa55027f5085ab443a4b8299f0de3