Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 17:27
General
-
Target
2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe
-
Size
486KB
-
MD5
49391cacd3db9af1e71be0b61d9171fb
-
SHA1
a3c2346451f5326a96192e5fcde5a55d5a7f785e
-
SHA256
b44bd2193f4abb87d3ed04a56f1da78a51257b5063e7298b8b58325154d9f28e
-
SHA512
6fe0d1218a3bb7c167cfcfac19523b747362ef8f47cd4dabdcdbc0450b5b50185affe4a8ac251d97783535cba390d27d2b46b6294cf9e7a65c4c19b7b58b40e3
-
SSDEEP
12288:3O4rfItL8HPdn/4KTwgH6WpSn7aDQjmw7rKxUYXhW:3O4rQtGPdARgHS1D3KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\B56.tmp"C:\Users\Admin\AppData\Local\Temp\B56.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe E4338A3E1F55614BA0C764FBE25902D51FBE1F2976257C3A7D06691C2975A5173E42BEBBC135A9B982C0DCE4B0B63D59EB8CF1D15EBC19AB8FAADE6DD93045CD2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\B56.tmpFilesize
486KB
MD5e8943e11d7a40b6d69c40484bf99faec
SHA1b3cd71ac5b61104fa8960240c0db621fea4a7323
SHA256a82c382aeeaabc09db9f5245bb9423faf61b0c34f53c18894872232723be3edf
SHA512531d5e96e42c11c203ef321db4dad0ac3d888d0555e5b269a06b6ecdee2d5f3c6bf2bb5ce731352ae7df3e48f514bc5f05821cc5afb7b3f43c57a5dce1840212