Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25-01-2024 16:31
General
-
Target
2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe
-
Size
476KB
-
MD5
37f3aabe720a5d8a36fa8d50f06441b2
-
SHA1
a8f6df76c46ea2629644cfb21213667b9a961829
-
SHA256
798ad29ebed8924172b4b21512c47e3d912d455f8ef468d9e38327bd345f7cc1
-
SHA512
8e7b9e2f29357c8ddee88fefb6f2662a87ab701b882751a867a333b2a130987b67590f64bb7a4baf2d7756b7adb0d81396d521eb2dd8f64362b10f0304ac0e84
-
SSDEEP
12288:aO4rfItL8HRxtcB13qSpHO9pel9lvxaO7K9wlsDpVFd:aO4rQtGRxtcHqS80vD+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F9A.tmp"C:\Users\Admin\AppData\Local\Temp\F9A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe DE0DFAE9F79CF52C2B3187D88DEA7027E8258247E663FABB5011B9C8A3339D838602672FED8B48FB865CDFF6F696FFA0041CB2321491C9933B09108DBF6953C82⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\F9A.tmpFilesize
476KB
MD5e9b425d61437a2a8d9938efc77696d49
SHA1c493fe9419ca404c94714d135076103f67fe4f99
SHA2561b0580ec9b8c2f73f4d8f3e6d2ba3eb20d08620c1aa91e42e79970ca77ce7353
SHA51212f6c5b4f19ea7ed57427bd18a332d5aa6f64f9b55ce866ea666339a2d828e079ca8aa223874a813f52b4ecfef71f9fbbf3181a3683d7cfffa785f44323b349e