Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12-02-2024 17:51
General
-
Target
2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe
-
Size
476KB
-
MD5
d3d89a81d653513398d2840c5c7acc8c
-
SHA1
9f7b6c348392089d10be55c6bbdf3632ae073d3b
-
SHA256
df12a6b9a2f5f775d3647426adc7d9ceff90e8c449d8366ebcf5a14c4770d334
-
SHA512
4a4e0b6564073122c766e9eaee813a53d8b822a6456ed93cfebdb313cea103626433167c2e57b6baef00c25b5e3333d2e0e79dcfba69e679b1645435fbcb4228
-
SSDEEP
12288:aO4rfItL8HRbu/gIM/rm+KU/LumbdpQ3o7K9wlsDpVFd:aO4rQtGRbuoIC/KmbQo+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\695D.tmp"C:\Users\Admin\AppData\Local\Temp\695D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe 6B0D6C8AB9787CCC397EC6EA1633FD83C632A685E8E879F9B21C8F219F757A3B71819D2DC5766DA649ED3FBD19A8B8F9792B470E511132A7D2B55C7B2A518B642⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5151fa649c6914390804ed0e0970dcd12
SHA1d48bab74c3da56e0f6dce4dd2e9f5fcc4aeca64f
SHA2563039387457f04f7286807e900617cdc919ad7255cd61520411f42d26bf9b7f54
SHA51286130319dd56e65c401ecba6d7973ca7285b66e39a896c01a8f356abd4f8caf1baca3d664c911e95200d94190201692ef828bb526ac1589f86dd9779847ceb3a