Analysis
-
max time kernel
136s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
28-01-2024 23:22
General
-
Target
2024-01-28_0e686e4a8b4ca33392f825d72fd6d8a3_mafia.exe
-
Size
443KB
-
MD5
0e686e4a8b4ca33392f825d72fd6d8a3
-
SHA1
715a3acd2192119c29760dcdaf4d6d1ec70a33c3
-
SHA256
3b276a66e8bcea4e770cbc90d9b96584eb40c0334da8b92b8c797bf021c77477
-
SHA512
534a2b62dbb3cdf705c2a05f70de660c177a520370b9fc2383e997d711a0b51de70337dc99f402a3a929d7e28fa5e35a0f1a3b1536f14d8eb36bf81818bd7790
-
SSDEEP
12288:Wq4w/ekieZgU6FuVFNda6/0zrPKxJoWlMa:Wq4w/ekieH6Fufa6cPPAP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-28_0e686e4a8b4ca33392f825d72fd6d8a3_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-28_0e686e4a8b4ca33392f825d72fd6d8a3_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\B43C.tmp"C:\Users\Admin\AppData\Local\Temp\B43C.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-28_0e686e4a8b4ca33392f825d72fd6d8a3_mafia.exe 20177A191CB44A598408286C65C9288989BBF025D52324FD95FE51A8F4C6C246DA82C410E03DAB99CA336E6FC0CE7828E94AAB52DB5B0AFA9D927E312B9636732⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD5cd9fda442365cb2ef5653ebc1e0df7bf
SHA15fff127a609a1f8b3f47c9572f0fcc67d1100d1d
SHA256771c293b2aac7f7c8f10ed15c7eae44566de01bbcceb9ee5dca7cea482f2c01f
SHA512b3c74e1cbf07f83d028ed3f9ebd77d7bcd7311cf4f0aa6b2708cc910293c2fd4e3cf157d56b8c101fe163ba1d8011c1d2643d952ab015144d07fdc48c035c7ee