Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
04-02-2024 14:24
General
-
Target
2024-02-04_3321618b4421789aaaa52b6a5ad1c5bb_mafia.exe
-
Size
444KB
-
MD5
3321618b4421789aaaa52b6a5ad1c5bb
-
SHA1
6854c5c360f7809f5826b767c55d86579fd070da
-
SHA256
dbd113699ea9abab451bdae8e11f0f9c06f189d83faeaac9b77965684c56677f
-
SHA512
83e590d0d0804f7117c07cdbd9873112132822520e55f33aca704175d2e396d3aae2d3009aae8a12f562e8d67721e8857bfde7f2059ae71653ec36a0241b3ace
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStJ5oWx/2UCDfLAzEmf7DXKTiriwOulfoMSA:Nb4bZudi79LO/2U+8DXKwiElfaA
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-04_3321618b4421789aaaa52b6a5ad1c5bb_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-04_3321618b4421789aaaa52b6a5ad1c5bb_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\628A.tmp"C:\Users\Admin\AppData\Local\Temp\628A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-04_3321618b4421789aaaa52b6a5ad1c5bb_mafia.exe 091B4545FBB7FFCDA974A4E8BB1E2AC8B8E3B065C5730B774990C5FF13769B94C4C16C2C364A1531A54E6A203DF50A7CE5E7A4DE79AEF8D12D6F1DF3A6DDB8DC2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD551db4f54d0bb3564279930f3e7f1ddfa
SHA1539dc3804efbd4f7d8c99327d276167f34b7e113
SHA256d10b7df40eb5921feed24a3c2ebec010d967791d07f1d686668f0c5bb303e5c6
SHA512007bf800e9eb9dcd05cb96f21347c9944e94f6c99804f542ed7728f1f594dfd1969f75f5e53165342aa14dccab6d5619f43b5a3db676a55c9f17000058d61069