Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 15:53
General
-
Target
2024-01-25_e539392b15377a4bda4b5af156103bfe_mafia.exe
-
Size
412KB
-
MD5
e539392b15377a4bda4b5af156103bfe
-
SHA1
905e97b7fef9b62bd027203e8f0bcd53db5440c5
-
SHA256
15d1416b3ff81a1e985160d5c250505a9fd18114b38d3541658e59f3065967a4
-
SHA512
eb361d30f2519533c241425d2a614087496b2d059471b637b5c306f331d4488163d9ed0ec4e9619a0f028659ae72421bfc9dae05f2d3fba8bd6ce8c51fb6bb94
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnKaHeCH3GDANTL/R7EHzNPDHvp1j6eCFQeupQaf:U6PCrIc9kph5UCHIAJiHZPdtCFTaec
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_e539392b15377a4bda4b5af156103bfe_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_e539392b15377a4bda4b5af156103bfe_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9195.tmp"C:\Users\Admin\AppData\Local\Temp\9195.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-25_e539392b15377a4bda4b5af156103bfe_mafia.exe D39DAE115876EC25444789728D0A2354AFB5608FB7E656EACCC1208F5210667821912BCCFBD44C11D68A74FB7FB62D07C35FFC8964664296CFDA0662484CBEB62⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\9195.tmpFilesize
412KB
MD53272d956b4e2d7d47b2b52bd08308811
SHA105be43eb7418cf0b7eabe8b2f1fc6b7798be71e2
SHA256867efdff30dd91bd64af037bb23940ec2e5e0b86878bcff4930af411e16c2eaa
SHA512420cbbed60f9a915672560f28f428fa7dfb1b5ef9a44a1140177f7ea3e04f7bed43e6acf5586830f7fd692cf8e97f7c3bf55b5376dea28bd55612d64894aebde