Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25-01-2024 16:42
General
-
Target
2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe
-
Size
414KB
-
MD5
4a71aa67d2648f36c72f5089b1deb323
-
SHA1
6aeef6113d1a0cc94437eb24ed37a2af49442fcc
-
SHA256
8ce8230346042343bfd0aa98b525a104fada1e47b782d4ee14ffc575f571cfc2
-
SHA512
8cfa119c117b9dc42c015e7482cb850cf3aeba788cfe06d77fc64ff520c076cf200c823ec206549444300b3aaf2bd40d77622eb81a15b0fc89c1078ffed5dd4e
-
SSDEEP
12288:Wq4w/ekieZgU6O6rbn+rrQ2aF2uE/OtjKlx:Wq4w/ekieH6N7+vQ9Wr
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8D7.tmp"C:\Users\Admin\AppData\Local\Temp\8D7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe 9EE83F502FA265EDDAF000721B1004F0DB04475CD7FA5EB5CE3DBFA7A1F4638255B5C882D9DF8CD0198D08F6D98E0B52ACC61F5E4E5E5E66BB33A09D14D627C42⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\8D7.tmpFilesize
414KB
MD5582b6150fa6f1d1b2bf5317178ad2ee4
SHA1c0597e74b3c8a02e42cea542956179c4b4049e6c
SHA2563148cfb5674d016e5b456d2284d4291cad6ff1e45a5b83e06be7612ccc26f0ad
SHA51212e5780df345a8d3136518f0afb6c9ece730108c39d986666d41913d2010ea31a1526fcd4c0dbe68c74813dcb592ac1e7ff987b91eb0269478a2430697a934d3