Analysis
-
max time kernel
147s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/01/2024, 21:23
General
-
Target
2024-01-26_668656b8fdb9d29e3c0438069e5afab6_mafia.exe
-
Size
443KB
-
MD5
668656b8fdb9d29e3c0438069e5afab6
-
SHA1
2618630f8b236c97f8a3fd2fe394e937c211606e
-
SHA256
7db01d86b6fdfd3c97abaa71f41bc1754b33ca112df536ac17a82260d4378fad
-
SHA512
7bd49ac45766c4957382fd362f56c265783fa15670025ed48d15fa8d770dd28faeb0d5e831a7d94e1dbbbc99eec8a46175211fb4bac68aa332b614b6b21531df
-
SSDEEP
12288:Wq4w/ekieZgU6b/lS2W7Sf4WVHna1wlMa:Wq4w/ekieH6bQJSf4nSP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_668656b8fdb9d29e3c0438069e5afab6_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_668656b8fdb9d29e3c0438069e5afab6_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EDDA.tmp"C:\Users\Admin\AppData\Local\Temp\EDDA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_668656b8fdb9d29e3c0438069e5afab6_mafia.exe 78C7E3A854A391368114D80A2A41BDB6C2564C22BDC6D81C86AA6D427B00DC9161A3D912FAAD9BE51104260F018E027AAEC4DB1989108693EFFB490645A662552⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD5e816a65950d26ab753eaf0ae82a7daab
SHA1cc3253fabee8bc0ef079f28598ddaad117ad7616
SHA256d883e46e34cbdfd95469dd4a52aaa4e79eb5975e02911c1a4d0888c8769902e9
SHA51259a8ee23a481cfbb6fa4234b81336efb9d27106c9116a20df41b8a38b2787b0fcb0c202a67b445db1882282e430bbbdff7604611d2f22b70a90931ac573153e0