Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
24-01-2024 01:53
General
-
Target
2024-01-24_9f95c97c8506757ccf1113e3e1c26dc9_mafia.exe
-
Size
433KB
-
MD5
9f95c97c8506757ccf1113e3e1c26dc9
-
SHA1
57ac616fbafc457de6be13244a9dbadf502e38a8
-
SHA256
9d54734c413531e251b2531c6c89eb88f4987a92c71083dea16220b43c3e4eb0
-
SHA512
1b8e960bfe98e600a86d8fdc6862b905bb424ffa7af67e6af620fbea6bff19d95ead0b9ee22cc784b1c2ee31db480562cb24dd66d738f91f27d430f02e72d61c
-
SSDEEP
12288:Ci4g+yU+0pAiv+nxONWUuQjQ7z24kHvSRn:Ci4gXn0pD+n4XjQ7zJkPS
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-24_9f95c97c8506757ccf1113e3e1c26dc9_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-24_9f95c97c8506757ccf1113e3e1c26dc9_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DF5.tmp"C:\Users\Admin\AppData\Local\Temp\DF5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-24_9f95c97c8506757ccf1113e3e1c26dc9_mafia.exe 5FA38BF8320E684D6DE39081A42C48C717AEFB9DEB53B7933062CE6F9C6DDFC84F109AA5D9AA80AFE34A224A2EFC3AA0F79A5EE3F3246F0D886D63EE1737C4B82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD54fd45a8fab3ad52df19274c5703e9808
SHA123dc500884b40f7e0fdf68e80925e31f82e23092
SHA25606ac66cf97c2e1c28b070d6b483fbe337caff9ef4ede69e39a27e90304fa0bbd
SHA512b2f11f30412c25a20af6be885bf741e9363f5463fdc686de9e006d39a1f11991be3f8bfbb741493f0e4224f4da703eef98a0f143a5eac4e9ace8a80a3e277c28