Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-01-2024 17:39

General

  • Target

    2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe

  • Size

    443KB

  • MD5

    de1c7dddd673005fc731e50cb3975d62

  • SHA1

    1f47317eb10b5fcd449e73a8af7f631881e639a0

  • SHA256

    45db64675ee7c27ba98d77d03ed741aaa7ad8ecb86df151d9b3c21dccc6b2092

  • SHA512

    dd2702f6dff4fec56eebd8ae906f23266be7d431a32bf2b53cd9336aa159de97bd4e64f7106cba58be19bcbe19104de52f776754b5d5a8eaf4913386622cf051

  • SSDEEP

    12288:Wq4w/ekieZgU6bsg8Ni8uK0r/pJiVqikdlMa:Wq4w/ekieH6Ag8Ni8uR/iUiSP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Users\Admin\AppData\Local\Temp\6577.tmp
      "C:\Users\Admin\AppData\Local\Temp\6577.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_de1c7dddd673005fc731e50cb3975d62_mafia.exe EDC3EAC5F0F9AAD85BFBFE442D40A5BAC8E1ED212E34B4E3158DB5796C249A4AC22E29C9CDE14FD6ED2AAD96F6CEEF643EC2C9EE85B56621383178D768C47E73
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2120

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\6577.tmp

    Filesize

    443KB

    MD5

    a59616ff846cf14f2219a470422af4b6

    SHA1

    7a793360758ad0f946d7a26949d1e960244ad25f

    SHA256

    337d95ae6fc467c39843ceb00b7b9d1766d2e61996fb95099f75c5c5dd723ab8

    SHA512

    e38f2d5b96a6bef49de77fb8de728a092431c9bc4fe8c4c196dc4372ec2d164e473ec268e055529f5faeee40a927c481fc70efba4ed0d2d993294ea0aa874a29