Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 15:52
General
-
Target
2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe
-
Size
476KB
-
MD5
e17d89c8a82507d43b6bc95cc9d70b2f
-
SHA1
4349a65552c6a8176477958d855e9906cb5a293a
-
SHA256
2e605bf4f1c2a3637fae222e35126a6b5f6965577cca309cfbf19a3bda80282e
-
SHA512
aab62b8b6b68670735732463ab2504e472ca7daead7a4792b842a1e1cb9a6b90c96ceeb91b1949f742df1c34a48b3593d6d5114c4b165033c56791976afc9f55
-
SSDEEP
12288:aO4rfItL8HRs44/vqWMebTrH7xReHZxYUgq7K9wlsDpVFd:aO4rQtGRCvLMebTr1wjjgq+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4116.tmp"C:\Users\Admin\AppData\Local\Temp\4116.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe BF475835F066B6990CCD9FE08B208509D3E372D68C48A0C514948215556A177CD91536BA1DA854F54E4E96AB407A3CC97BEE7F71FFBB7DC9572E08004E39FBDA2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\4116.tmpFilesize
476KB
MD5f83a0d581e56e6906e050fd29500ad0e
SHA1427a38e6af219c52896eb8a5347cd0c8f1f90333
SHA2567dd8ec5c769c6a938345865e2845c1772ef2f5bcda714c16669f53bca1585605
SHA512acf325abf4592051fe467bff43c1c7927dc04e1f5910b663a480125c8af8556e4a6320d7217d99f688c19cdea65c7d9769f8d52dd784b7edcac010a89b6617d1