Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 15:51
General
-
Target
2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe
-
Size
486KB
-
MD5
d8bb1b2795acdaa5142bf49e4ccb9c69
-
SHA1
25cca7921d7387dc3292b82e0c7f3cd1e8300e6d
-
SHA256
9de031a929f8b34f20bd53bab2261f8947a47bfeed1e45bddb9271f4f05eecc9
-
SHA512
75cf397fc927d0ce87e5df4476f4e6f7c911bd02c11c30e0e88b3c9cfce4262034ae778e9bc7421dd73bf42e4e3be151e45e85b8f7337506ccb919630ab9e20b
-
SSDEEP
12288:3O4rfItL8HPCIzXLDRT5OTvml8CK7rKxUYXhW:3O4rQtGPCQLDRT5OqyCK3KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1323.tmp"C:\Users\Admin\AppData\Local\Temp\1323.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe F4CF8DBF8447C45270FBB8F2DFE96A5F3ADBF079BCC7C81ED1D845882E109D524954B089BA1A0E6B9856C6BC64646574CB528594C209378F56907A4825C615372⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\1323.tmpFilesize
486KB
MD5276ed37f86e8539a3032c6b8acaf6e7c
SHA18603ecdb1f9568edc9c46167856dea9aa62d8948
SHA25661b19d5024f574cd409d5276263efced10ba005d52224f44b1c2280124de44fa
SHA5122441b3effb0c20741aaab80710e636d25d544e509996371572b094f767aa507c7d9b0f908669aa00094c4f906020551bc20d6ecc5faa83e36f1fb81540ae893a