Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
23/01/2024, 22:39
General
-
Target
2024-01-23_ffd173e2e38e44eb01fdaab7158c6264_mafia.exe
-
Size
412KB
-
MD5
ffd173e2e38e44eb01fdaab7158c6264
-
SHA1
afa4f3738b7d8c075b50d4af905b5757b40d8227
-
SHA256
bd68e332e2d466de53c83c4493bbb6ca09a8fda7f772dee30c4b26ec811ccc86
-
SHA512
e913ab8ead5c25bdf181512377d89f048a4e0d67a3d528284391bebcfbb856272208a1adcd2a0590929b744f5add9f6c6b901d2fe3dff8275465efcd9db780e7
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZn7Liibf94IioiVwcHoYBU8FH2QKhkJY6e1auSl3:U6PCrIc9kph5Zfp4Ii3BoZTZqz7N
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-23_ffd173e2e38e44eb01fdaab7158c6264_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-23_ffd173e2e38e44eb01fdaab7158c6264_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1323.tmp"C:\Users\Admin\AppData\Local\Temp\1323.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-23_ffd173e2e38e44eb01fdaab7158c6264_mafia.exe BC2BA5FFBBD738FD906BB0520FA3F1CCA61C321DD4E47D76049CEADDA71BDFFDFDD73D82BDD309EA7CDDC40CB0F28E4E640618E9B887A35A5DE181B488B1C49A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD59375ba77f64667f847faa5f424fa41ec
SHA13593f0b1c697f319157a2216eac1f1ce5eb7ae77
SHA25677e8e176c996dff396433410f9901d7c145078e78a851794bd8aaff737626abb
SHA5128ea62ca9c4df195e4f415c71bf4b9c95c45e239589475f02dca3878b1772ddd8c8644a0b19f6c15ca056d8b5972685dcd834c4f9990fa901b514a3a3463132f7