Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/01/2024, 22:45
General
-
Target
2024-01-18_5052f9f743ddcc38a42541f8bd567dad_mafia.exe
-
Size
473KB
-
MD5
5052f9f743ddcc38a42541f8bd567dad
-
SHA1
dd7a0fc8d97e2c6b955065d4b452191a64386dea
-
SHA256
88c264be25ee2cb5732f1d7f399c83a6f75ba1c4650610270accd968d7702041
-
SHA512
d6f716826b3b7c52df064b733bf77f20c2397c0c02ffad62e2a702010c2ad3fcc4600da43d5ae95770eab47083c4bac3692fc97f8e36bbfb78f188e9279a7016
-
SSDEEP
12288:Nb4bZudi79LYjxysGAnvHGXH2lfiqTczY3lsU1yr1A0a:Nb4bcdkLYlpBnvmafVczGlFQ4
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_5052f9f743ddcc38a42541f8bd567dad_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_5052f9f743ddcc38a42541f8bd567dad_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6ECA.tmp"C:\Users\Admin\AppData\Local\Temp\6ECA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_5052f9f743ddcc38a42541f8bd567dad_mafia.exe 688F1D4424D564069ED8202C1D411E29A02A210A559B205895BD9BD0B9E911CE824AC5831D7CDBC5938A521E2B4E63E3F7626A459CFB3DC728D7144E57C911652⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD5a24939534e3b63b38af003752f31d388
SHA117cbba278093d1e277e6b73db8fc08aeed1da437
SHA256ae1648760a710c05dc7ccc825f0eebb38eefc61840abe47b06e64395c0ca2e29
SHA512ceea53180d6d21f3060fd21bf45b1baef165b18077230dcfdfe70f49116268e3e12125a92b63b40186edd0349ada645beef1968798763c0b0d4a9be5970ed576