Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
18/01/2024, 23:02
General
-
Target
2024-01-18_886bb856e6595d241165ad5376e86340_mafia.exe
-
Size
428KB
-
MD5
886bb856e6595d241165ad5376e86340
-
SHA1
bc688260eb0dffda11676e644de2eea31434e656
-
SHA256
bf326e252bdfe57b9022b90c99835090ae857b3b3e0fdd16d8ef1bd78d694a9f
-
SHA512
0670d959fef89e4daad718f0894db6d57710f1b970a1d0bcd4fbb8160685dd69ac22a9f4d4249fcdf20fc70bf33c4e9fd5a81b3ba2edf4ca6fcc6e1ff5131d9f
-
SSDEEP
12288:Z594+AcL4tBekiuKzErQXnQgCp8sJXkS/Onl:BL4tBekiuVrQ3nCp8Q0eK
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_886bb856e6595d241165ad5376e86340_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_886bb856e6595d241165ad5376e86340_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\49DA.tmp"C:\Users\Admin\AppData\Local\Temp\49DA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_886bb856e6595d241165ad5376e86340_mafia.exe 9DD3F34D09D93066BBE291A6327AEB70FC92BCC10D5D603688139882A0F38DB4BE5F8AD7FF3CE0FB41337FE368532ABE60B4A4773C8B5C65A0AEF3E02AFD4FBB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD52e06d706341afc4a3ca6f6751fbc5c16
SHA186cb2586c717638f07bf70efe859419395de3201
SHA256828898822b6162d297caaa502a3fa362ae1b2332894bb5040d972d29eef4d2c1
SHA5127cf5f3b664cbee51130653e1a4e69642c808f83dadd949e4b71769d0cf993ca7aa8837cf1759072e306f1f5cad41c56e2f710bf7019b371eca648d5c00f8d3a7