Analysis
-
max time kernel
144s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
12-02-2024 17:51
General
-
Target
2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe
-
Size
476KB
-
MD5
d3d89a81d653513398d2840c5c7acc8c
-
SHA1
9f7b6c348392089d10be55c6bbdf3632ae073d3b
-
SHA256
df12a6b9a2f5f775d3647426adc7d9ceff90e8c449d8366ebcf5a14c4770d334
-
SHA512
4a4e0b6564073122c766e9eaee813a53d8b822a6456ed93cfebdb313cea103626433167c2e57b6baef00c25b5e3333d2e0e79dcfba69e679b1645435fbcb4228
-
SSDEEP
12288:aO4rfItL8HRbu/gIM/rm+KU/LumbdpQ3o7K9wlsDpVFd:aO4rQtGRbuoIC/KmbQo+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\58BF.tmp"C:\Users\Admin\AppData\Local\Temp\58BF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-12_d3d89a81d653513398d2840c5c7acc8c_mafia.exe B965FC41BB05C2D484ECBF451DDE895269FB5A1FF6ADE4FAB8F18A9038D12A0ECBA5DBEC2D233FC098E6CF4C028F6CA03596B669F13C78DE1C25531CAD54D8E02⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD55a42080514146942e0410c049caaa392
SHA15f27c1c4445052f8a52888efadc9320fcde62495
SHA256ac875af563afdd2befc9795e9291229548f90957cf3d119daa7fa5de2d8600e8
SHA5125d931ac0a3ef86d3ff4203e505f85923cbff35c02e24fd105b624b0312eecaef7fde505a9603a1c076f8db50523d05ae7713835ef997a7ffecf1fb7ce48bad44