Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-01-2024 06:04

General

  • Target

    2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe

  • Size

    384KB

  • MD5

    ff956fc3cf157816d44d002436a01854

  • SHA1

    1421ca4f379fcf033a2feb8df9a69c5a4ac848fb

  • SHA256

    be5b23d824f4b84deeba0c464191e0d9a3a0442334b145d3a9aa1320c893d480

  • SHA512

    eb18c1e56cee39417a90bc159863738f172e46f7dce36cb1cb6d667ba12f50512a2c6144cf0999e397532865595febbe832614d4ca31d76637f1caa069193257

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHPzQH3206z3X1pk5p+dAQ2fLfChjOsrWFZ:Zm48gODxbzZzQXejFpSpvQ2fLCZbWFZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Users\Admin\AppData\Local\Temp\686.tmp
      "C:\Users\Admin\AppData\Local\Temp\686.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-09_ff956fc3cf157816d44d002436a01854_mafia.exe BC0EF793863B856F6D69DF9F4A7349772ACA9FC2C959EA66899D520DEE4B59046716ED9680357973785BF042BA9EED2CB3D9B3FA616274C227C2B2E546E15B46
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3004

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\686.tmp

    Filesize

    7KB

    MD5

    624d31fad0e7afd91ff90cdfeb0383f1

    SHA1

    afed5625fe5613c365b9aac25026273c5ee434e5

    SHA256

    66114fd56949b4003130d842a51f25b5ff7544e0f90f8a82a39012ec3fcd81dd

    SHA512

    7d419ca129d9e124b0ff5fc33a670bfbc543335bc976546a173dd39baad31c494a4edd9d1f2a486149bdd884ab46f857d530846c5fbe049d39f6e128a69ed89d

  • \Users\Admin\AppData\Local\Temp\686.tmp

    Filesize

    39KB

    MD5

    2c4b5b4f2f01a4564d067f21263c87a6

    SHA1

    738dff815ff3e592fd76a965895bfb6dad2c94c6

    SHA256

    75f530b7df6daea956a7a51b29e2b799c67148a98bea17ffab290620f2077d1e

    SHA512

    c03783789ad789abf4abcc05f41e5359a31b4509649ed5f5b71b967462d7e778eaee1847526be5211bb84b498bf4f05d95228e495b46ebddbdeeba412da9a1e0