Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
14/02/2024, 07:04
General
-
Target
2024-02-14_af2705659d3a625a3227293efe746c33_mafia.exe
-
Size
433KB
-
MD5
af2705659d3a625a3227293efe746c33
-
SHA1
fecb7a15a10a4349098a96f1b26f4a3868f1330e
-
SHA256
54861d46e307f353b253cbf667e52b0eea9d879fd0863f692dde24c38989f524
-
SHA512
9aa3c20a208fefdaacde5d9b943ab925a039bb357058ccd4c275cfb5c6dd4ef4022270abfce3cd70f1b8332bd1e78ddb70e82f2611c1eb5cf3b00bcc694f2905
-
SSDEEP
6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvXor0t7hvKPgd6UxpYkjJ1O4JAwGeADnQj01:Ci4g+yU+0pAiv+3Qod6Ux7bl1X4dTn
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_af2705659d3a625a3227293efe746c33_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_af2705659d3a625a3227293efe746c33_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\63B3.tmp"C:\Users\Admin\AppData\Local\Temp\63B3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-14_af2705659d3a625a3227293efe746c33_mafia.exe 6FE57D8EB1422730166BF30AAA631663214DCE7A2005B790828B9D7EEA8D15EA38DEE384E5512411273D379E3E55A1B9ED05D6EA7EB012EA3CBA2BC0EC854FBE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5ce480f924edfb0823d1a725ca1220c70
SHA13216931fc6ae386ad830cd7c2651c6f4adcfe02c
SHA2567d018109378babe0c6fa3b41857930bdef6170f7f46b0605befea417ade9affe
SHA5121ed2adb706ba7790715841c9f448651965e885fdce4837b7e957b6a688779b053d7d7cf58a78dd9c420a6a202b0ed8c6852b51ef3e0709a2d64aa27be7392a86