Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-01-2024 17:44

General

  • Target

    2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe

  • Size

    433KB

  • MD5

    2db203ba8871d47fec9c4f8079dcb8b6

  • SHA1

    58d74c2abe004faf8f27644db3e34d5942c2c0ba

  • SHA256

    fd130e26ebeb994c6f23162a37f4f91ecec4bf7aacb726a424b9377bd62716f8

  • SHA512

    2ab1a64381d9afafcf33fc51cd366b3bd69c8860a0448d44092db76d3efaeec0d887b4f3763e0971d5a3b9dfe210ea59a5d4019e10d2216c7dd91a090192a6cd

  • SSDEEP

    6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvx0apoN9CmqPx/CW9h22rshFZx5Q0YloHiKy:Ci4g+yU+0pAiv+MOCW1shFz5RIrn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Users\Admin\AppData\Local\Temp\780.tmp
      "C:\Users\Admin\AppData\Local\Temp\780.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_2db203ba8871d47fec9c4f8079dcb8b6_mafia.exe E88E2A8E23E64CC4F993E0E77BDDAB4EE6F6D7D4B3924C2C9D8E687F74D3AA3F9309557591EFA6F8740B39E58425C6A45C87FD5893396E6CDDB0CC7696744256
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2328

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\780.tmp

    Filesize

    433KB

    MD5

    357792d5d0c0c717a05b1d6fae43c532

    SHA1

    e29b43185aafb77d0573ae26b4833505dbf8a349

    SHA256

    746777f7100c00e076f0e3a18d2638f157c7595b9bc027130aaf209694a6a87f

    SHA512

    e250af2fb2f4a13d34b379574511c7e5815a9c4d27cdcfb5f2ae057c05cf292bd9bd9dcf2d66e47158b63468f956d0439c581924c095e56e4c6482b3d3fc316f