Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20231215-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    12-01-2024 06:04

General

  • Target

    2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe

  • Size

    444KB

  • MD5

    b6d47f4d0f36a043c3f6c312cc3430ac

  • SHA1

    0a1968ce97d664e556720e6c6c7c81b177650307

  • SHA256

    8582fab6ffead6831a163c6df50757917d31ee350e4da21b97d7033bcbf53fbc

  • SHA512

    2cc8c48bff96f7a5de2e6e387bf45c3a054de632722683fc9ec44d2f3bee15c9ac3f4d947c9583957041cac37bef1f1c953ee82ee704cc46d8512bcf65669001

  • SSDEEP

    12288:Nb4bZudi79LuJA/8S1cEMdOj5PyrgiyI3j7A:Nb4bcdkLuJW/TPyUi

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\AppData\Local\Temp\A083.tmp
      "C:\Users\Admin\AppData\Local\Temp\A083.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-11_b6d47f4d0f36a043c3f6c312cc3430ac_mafia.exe 460A16A9A9EA3E5BD373925412B1ED51BB64BDB796863D4139420E4CFD22676954558557F9914D8BE4E8EFE8BB22276481EEA8DF5A9A608F6DE502D88BB49EA1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1700

Network

MITRE ATT&CK Matrix


Downloads

  • \Users\Admin\AppData\Local\Temp\A083.tmp

    Filesize

    444KB

    MD5

    d3064b0d2dcf3e335c35f64a92f14d07

    SHA1

    0b9267c6a381dafacfae9e109fbe13821d4e3cb3

    SHA256

    a5905492b1b81dc4e14df050163a010d401596550301b99a978f8f32d73b83a6

    SHA512

    d16f40d8f12b66058dc73bca7bde190a64eda039cf0dff26cf4a8db7cc1cd158ba30298aedafdce7f559ac92d2577325874bb1b349fd7898e831316791e7d24e