Analysis
-
max time kernel
135s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18-01-2024 22:32
General
-
Target
2024-01-18_2337df2732d4f6cb004af3ba98c95322_mafia.exe
-
Size
476KB
-
MD5
2337df2732d4f6cb004af3ba98c95322
-
SHA1
7c92cb1b4ee1c33ebd51748fd061499ccbf81acb
-
SHA256
16948d46dbd9b29820ac769081196638aa50e018eef3d40156882df9184c8b9a
-
SHA512
de4a84d0d208cb35fc002212036f04c48d7bab808c30605f3eea5b61e87e4a43af42e6c073089d5fef2cdafdcda18671e1267b161f26b8334abe135a4a792464
-
SSDEEP
12288:aO4rfItL8HR8aGqirPteFdQLBFy+WVJ0yBOgtP7K9wlsDpVFd:aO4rQtGR8aGqirPUGeT3+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_2337df2732d4f6cb004af3ba98c95322_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_2337df2732d4f6cb004af3ba98c95322_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D987.tmp"C:\Users\Admin\AppData\Local\Temp\D987.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_2337df2732d4f6cb004af3ba98c95322_mafia.exe EF597F167415C6B228F392422D814CAED78AEE9F55944CC6A86093C7D899D142BCD57347CCEE1297C8D72E4FA2F1BF72EBD6855A1BC0EDDAD54CCEC4CA6D3F162⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD59b59c72a651fa95dbf34f3752cf9d512
SHA1c57a3bd8a17bcfc0adcdb5d59b66ecbac456c36e
SHA256d9cffa028b38c2aba61b83f08f7c62ff35e7bcd8a25ddf6c7691db03c6d7b41e
SHA5124044ba25a52b9a9a772c70963e9f31b1a47b668208263204416a230ab72aeda7a2e4fcf986a9ee387134664db813458c5241e7b3f6207d551dd5579fab51ce34