Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/01/2024, 15:32
General
-
Target
2024-01-26_a5fb8a48a37263d9dfd5952be9317028_mafia.exe
-
Size
479KB
-
MD5
a5fb8a48a37263d9dfd5952be9317028
-
SHA1
373e6961e9edac9979b3ae941f9b22168211b353
-
SHA256
4368b1a9a26a8de9e4262de8a6db1693c069f92d6079133921b677da3cb435cf
-
SHA512
c10c722ad088b113734b958e9480210a027b7584a51c75b35d3be7efc3b5be061f50281a45b675cb93b7880ea077c6f1942dc458ba5d21a0ee30d3fd8cc56b40
-
SSDEEP
12288:bO4rfItL8HA9zW93f5tKbLVr7AajKjVjFmg2jN6D975UO:bO4rQtGA9K9P5tKbLxMI2j2xiVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_a5fb8a48a37263d9dfd5952be9317028_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_a5fb8a48a37263d9dfd5952be9317028_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4125.tmp"C:\Users\Admin\AppData\Local\Temp\4125.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_a5fb8a48a37263d9dfd5952be9317028_mafia.exe D1A5D77B04A4F12445E3E5C7EF190DC295017599E3929316CA87C44CC8DA51C09BE37E603227D1F08B9B887510B40317D17718943021C265E7C9C61B13D6787A2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD53dfaa9df463a56ab2ced7d1216a0c454
SHA144bc9c156d46b708175d95be00fae37965077e4a
SHA25633d078341756c1a439eee60e2cbff11b405a0d5ca4f5c6747f4214b50c8b506c
SHA512cdfd64ab3f7c760c8c16df82f12dcff6e92ca2cbd05c261ea25715ea34679f3cd60917358253c8758100b32c9d6f26caf40a31d59afaedfb1068c719102a7345