Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19-01-2024 10:18
General
-
Target
2024-01-19_dc200f36e808a0736686330510eaa3fd_mafia.exe
-
Size
384KB
-
MD5
dc200f36e808a0736686330510eaa3fd
-
SHA1
166606b3c784122ea69b064529cc0c9816396534
-
SHA256
5c747c6e46480cda518a4d74ada76991f5c721798d8e89797b99e226e82ed757
-
SHA512
2cd60759991727af761ca216d58e673def440b718fa0e8751418c6a37abd87322ffe2ea11894daabd550f67048f78f354d38640765b6a4fd767d61299b33dc24
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHtLl3Q7ubCQQ8lFUgOojUCdjtEDN76dbFGdZ:Zm48gODxbzLh3TbCb88DGTdji56dbMZ
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-19_dc200f36e808a0736686330510eaa3fd_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-19_dc200f36e808a0736686330510eaa3fd_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\45A8.tmp"C:\Users\Admin\AppData\Local\Temp\45A8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-19_dc200f36e808a0736686330510eaa3fd_mafia.exe 43B4EE14E06C352BE3C02FB91DB42B9F8EB2B9B9DBA860C9D87CE5ACB15F5C08653A7C3753EBAA5957F48CFC0B54E877FF74D575D87CEC18915BB2060340CF082⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD50cb2309bf4f411cf0d5c4184b1c9921f
SHA10afe451ee4efb9008eabbc5405dceb3bc71a8ede
SHA2567f3af2a09a625bed6c2277f57b914c6206891cb2c83a45af919cdbf9a24cdfd8
SHA51286aba60d642113b3ac1d8c7d7bc2f2b5628af4afcc942f604f7f7837256ec12641d9b65854fdb1da4f87d14f5d09d1d894fcf7790c3a95c359f103a86f1fb8ad