Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 05:27
General
-
Target
2024-01-25_35c8d5d3a8f347612ef12aecd68ec0fb_mafia.exe
-
Size
468KB
-
MD5
35c8d5d3a8f347612ef12aecd68ec0fb
-
SHA1
9c425b25a446675ba66a1d42a3a8dbc24ee4c544
-
SHA256
18f0630c2b2b8a30f8b27ffcb1cd7cc99d73e109341c1b00e4eb86cabb952190
-
SHA512
649c124878ed7aee28eb83c5e98cdd78a43b34da3e27bae7deceabdae9cece3e6c3cdd849aa0d34fa7cb9fa991faebf558a43c4737bda78c6dc4e783d1679ec1
-
SSDEEP
12288:qO4rfItL8HGWxxpari/sDgjkzfSlYaKI0V0E1Q4X44H3+7bWmeEVGL:qO4rQtGGWxxp1UDHz6jKXV0EaC+umeEk
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_35c8d5d3a8f347612ef12aecd68ec0fb_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_35c8d5d3a8f347612ef12aecd68ec0fb_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\41F0.tmp"C:\Users\Admin\AppData\Local\Temp\41F0.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_35c8d5d3a8f347612ef12aecd68ec0fb_mafia.exe B7E6191DAAA95C545B6A8A8769DF9E3F781CA2C3005C226CCB2B9F500419E82EDF6D7716E0AE79EFA5261B2AAECFAEB2512E72211EC5D594B00EF5CF3077E6402⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD54d5478d4853a8925d201561374ed4c4c
SHA1e9ee78f62b08eafb9589c981ee0f59cedd70a8e4
SHA2566b08cb958eaa0f1728d9690486226f534ec89903ad7aa9a49acd488a753466b0
SHA5128483bde6d50b2bddf2531769799aef5fde976eed556e563e1fbbac692b718b1b5212903406432013b727a821f58aaea295ffd845202336c53e73c2cf345b2ce9