Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
29/01/2024, 15:23
General
-
Target
2024-01-29_05483324ae7924107280de961a522140_mafia.exe
-
Size
384KB
-
MD5
05483324ae7924107280de961a522140
-
SHA1
c7d6a441ca4024098e714c4f67528cec4e940643
-
SHA256
63639f57298dc8eb0f8ac7ee8d4e3ac7d2416f29c812fe1f1369bcba832a2d0e
-
SHA512
f0804560f4fa9c262b3f658fd9efc99603e6ab2d6c14448953c3af0f958e0c723fadcfa6d7be4c5a9b37611fd292281311682604af89815237fb647f7c115144
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHzhQsQmP1Jt3LvUZ80XM/bd9NrUszP3qC8zawNnZ:Zm48gODxbzFpQmP7t3LvUmbdjrUszP0J
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-29_05483324ae7924107280de961a522140_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-29_05483324ae7924107280de961a522140_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1352.tmp"C:\Users\Admin\AppData\Local\Temp\1352.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-29_05483324ae7924107280de961a522140_mafia.exe C0921B21F74F5FD4AC132BEFFA8DAA22274D5E5D636711585769BD4E2DC08F910F183897147D78703CD8E5659B865C92B337D4A73A19F51F24DE6F0D9C5E55F02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD530bea5dc71b83d533a54600d8b05cdd6
SHA1fca05178977f5e5f575b9c3361b1552f90d2e959
SHA256f105e9652a1d00e653b3cc431aec3c8634f66ab5850250887548bf7e5e083434
SHA5127d2d44a92d45356321ef6648093c64a62082f27acc0d4b946e59fd469b8e9da64626a8c2c142af7c3a65ac4854eaef0c1dc39cd09214193273250fa470ccbd0d