Analysis
-
max time kernel
146s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
12/01/2024, 05:58
General
-
Target
2024-01-11_4e1bf4be1f75f0a540064fe6d504ea9b_mafia.exe
-
Size
486KB
-
MD5
4e1bf4be1f75f0a540064fe6d504ea9b
-
SHA1
5f335abd608bf8f67c2bff6ab4bb465ba265e1ab
-
SHA256
9ba6c0e9101ef5624be7bcf273357d37ae94a83f8ac0bc7d883dbe7db36f8e98
-
SHA512
2be4342807668fb4e7d61582104e3a62b16953ea62c1f9ae5473bf5f3c35cdd1dd82ce5732f1f882b8c2a6ba639baafebf22908c46474aab21bf5be0965a762d
-
SSDEEP
12288:3O4rfItL8HPPKpkrczKme9wbD5h7rKxUYXhW:3O4rQtGPSpU8Km3n3KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_4e1bf4be1f75f0a540064fe6d504ea9b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-11_4e1bf4be1f75f0a540064fe6d504ea9b_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B41.tmp"C:\Users\Admin\AppData\Local\Temp\4B41.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-11_4e1bf4be1f75f0a540064fe6d504ea9b_mafia.exe DB004362575013020EAACBF7C3BD74EC77AA1D2A808E736E852D8DD4F8254DCEFECBB48929E4969337AF71DB38062C9029DBF238D088284A3E9D9F2B3536C7E22⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
MD54d8667b7321e405284a990bc2291be45
SHA1e3618e979ff873870e7d1b7c32e9f9981df026e0
SHA25681f92938dfe4d7e702270a928d3685fb2620fffaf4d9bb92dc9f4b85fc264075
SHA512de63bcb88b768ec7c2dc54c4d32bee1007906838ded51c23418dd1f60ed5a2cdb98f838db08d5c3184b8a016aab24920ca66c3f299bffad093157a3d314da722