Analysis
-
max time kernel
138s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
14/02/2024, 19:05
General
-
Target
2024-02-14_ba8dafa1afe9288622ce55c6711df536_mafia.exe
-
Size
443KB
-
MD5
ba8dafa1afe9288622ce55c6711df536
-
SHA1
28c7c80bda83b4199557605535d7456f08210e4e
-
SHA256
53860344612b5b7d90cab299c8c8db8e6fca62b69f9d6e5249a833b7e86e009d
-
SHA512
d6e5ff2df1fb2ad4a208e87f3a37383c9c0daf90ebf96553435a68166dd27256ecf357707f3e94eb75bd640cbf9131067058717fbb6c0f938c06e08be5bcdd31
-
SSDEEP
12288:Wq4w/ekieZgU6E5+6T6TfOquYF2gHQCcaKIQlMa:Wq4w/ekieH6RbQd7IQP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_ba8dafa1afe9288622ce55c6711df536_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_ba8dafa1afe9288622ce55c6711df536_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F32A.tmp"C:\Users\Admin\AppData\Local\Temp\F32A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-14_ba8dafa1afe9288622ce55c6711df536_mafia.exe 300DAEE9C4C6E5B3BAE9ADA9B3440876F113023350EC843FC5E71DFBB89FA13C49A4723AF122F76DEC65B4194A0643440E8F05A720395156252A0D4D3E1AA0352⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD578e5e355b83e260fe5e6d19248d8b820
SHA16816814d040a45708ba6ab084752d019258118c6
SHA256a339257f7e3f93b7ab67f7fc1b77db29aa08c53ef72bbc5782643c910a79dcc7
SHA512413af160495e7d67d92f124cee300295724cb7e6a47f86e081e53feb0b37439e54163f91b7ae7bf6438f2f0ec3f42754f21dc603fb98c734538e578a7d9e5aa0