Analysis
-
max time kernel
144s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
12/02/2024, 07:22
General
-
Target
2024-02-12_01e664731df2e8ef473f881740f4629a_mafia.exe
-
Size
476KB
-
MD5
01e664731df2e8ef473f881740f4629a
-
SHA1
047ea3bf1f15696d3f5df426a42e9d3a13cd88c3
-
SHA256
c99354e0167963d80e460cab190a0877236fb4ae5ab13e9664d585c14717241e
-
SHA512
a624bbb5ea99c7b8a2e0845afd1582d357595c8252ccf8af8b442f073aa86f64e4b0ac86e3d39c4cc0c7bcdea21cc3f68e152253cdd6521c248621726c218cc8
-
SSDEEP
12288:aO4rfItL8HRYeV2JyvmN7Z4SDTD6Gn7K9wlsDpVFd:aO4rQtGRVPmNN4WTDB+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_01e664731df2e8ef473f881740f4629a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_01e664731df2e8ef473f881740f4629a_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\50DF.tmp"C:\Users\Admin\AppData\Local\Temp\50DF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-12_01e664731df2e8ef473f881740f4629a_mafia.exe 68B4A799BBEF2845842E5F2F43D34D1EF416BA7B3670D423A4A5DB42C17863CEC05FFD3C5F8293C0B084135E5691A3B03BC51C88E5404C1EE238D79B56756FEE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5d498e87ee5edfe220984955f8a2dae8e
SHA1d82e150a13425ffa429bbc48c54e5eae189cbd1e
SHA2567ef93ac81f467ebdcfde0187b82a1b8ae26a2fb58775fbab58232212a2d04363
SHA51254162e64f004732f35d82d531326bdab2d2bb2e4edf588af82a6f01ee009b6d24d19c1e9ce92b947a6feb291c2efad0b30581418a1505395ece339228255e24b