Analysis
-
max time kernel
92s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/01/2024, 23:22
General
-
Target
2024-01-18_ce9cfb63bb0d8e37344b82d20ed3692d_mafia.exe
-
Size
468KB
-
MD5
ce9cfb63bb0d8e37344b82d20ed3692d
-
SHA1
13a9163718ae0372b75284e7e1e086f9f9fda475
-
SHA256
4e088a58a23fcc96bdc305cd35c13323b59f0adff8f65b2fdd7bad591291a490
-
SHA512
724e3ef07c156f1ece15587aa7055d7aeb51ea15007d1ba40a3a46f5cce094add86cf711cf12ea57c064a3fed348129a51ff8c4c253c58b80d7447f6991430ad
-
SSDEEP
12288:qO4rfItL8HG9p9948xBXxPMgAYpJafuk7bWmeEVGL:qO4rQtGG9p/xxCJiEfukumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_ce9cfb63bb0d8e37344b82d20ed3692d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_ce9cfb63bb0d8e37344b82d20ed3692d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4352.tmp"C:\Users\Admin\AppData\Local\Temp\4352.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_ce9cfb63bb0d8e37344b82d20ed3692d_mafia.exe 70F2A81E8226A23F451A1773C750183871DE85AE41D5DFA564AE1DCE08C128A37513BD203BFC35C78D8381A1696BF59D6A65CD566DC6430CE87AF137C133F5E92⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5fecd003f5e17f5106ec3cfa94a025325
SHA1d1b825823fdecb2dc1878ecd6995c26af68fd8d4
SHA256eeddf9af881994eb41eba07615141e622dad8ff630d0bc2e3c675e9bdad719bc
SHA5128b89bdefe5aaafa6c33ad94c80b69b07074c3fba21a1870a95ea60e166cfbf4d7c34f102ee1e5d9db73735f5115eaf78977e141d8a1c5b68382dcf7dfb019f5c