Analysis
-
max time kernel
142s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/01/2024, 19:30
General
-
Target
2024-01-26_64821bc882f88f59a810c01b6c30d870_mafia.exe
-
Size
412KB
-
MD5
64821bc882f88f59a810c01b6c30d870
-
SHA1
09c008716fe0b5a873fe9cf278909f718b79b4e0
-
SHA256
2922b11704315fcd5ea1be661cc6e2a77f9c5acf59463521200451f73a4104f5
-
SHA512
fdd3c24cbf271bcd23548d3a9336b40070cae3b891b3b82c7ff44c2410b970d2c28d367cc43f5d8a49aec9480144f86a0b4b8688c8bfee1da1ab484fd87096b5
-
SSDEEP
12288:U6PCrIc9kph5hP4jIcdTV8/d1CnvD4hDaWpr3fsmg0l:U6QIcOh5aZdak4hpxs1
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_64821bc882f88f59a810c01b6c30d870_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_64821bc882f88f59a810c01b6c30d870_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6E79.tmp"C:\Users\Admin\AppData\Local\Temp\6E79.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-26_64821bc882f88f59a810c01b6c30d870_mafia.exe 1CEE62D7DAF5059995BB9CBDE0ACA750B533BFE6930339D625F862D0AAF6611717A9324DCB446FAD51920134019BB720B7C30896E904D312618918F23344F51C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5112b0d7a560066e1a88fd502e14385d3
SHA1a0924498eaf02c4d5a9c5fa3eefac28257c16c98
SHA256989f44e0c4cd9d6dfd519de56143277bcd7e92a53184549af44cd6e2ea9e9401
SHA512298d692d0a7d0c931986d1e10b230e86be0b254078066bd9a8cc6031395ab352e803efc72fc35abf073cb5751249f42316cba6a7e161363d3f4904f7d199cc2e