Analysis
-
max time kernel
92s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
17/02/2024, 21:41
General
-
Target
2024-02-17_6f36c1c7100ac35a73b0b6db3b72e8d6_mafia.exe
-
Size
384KB
-
MD5
6f36c1c7100ac35a73b0b6db3b72e8d6
-
SHA1
d5918226f0f923fd7b965504d668a2625b28fa27
-
SHA256
5a2316bb0377eda91fb5147002fce153d47032037790511cc5d4afde6aab854d
-
SHA512
064d8bf1ea3f8113dd8c19709eea21cae3bf6b35d0139d6eec4f64a6283d6339abac30412a3031e6ebff3f12e8be8223f968e56357efd9f11b1fb26fe208ab36
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHbqGpmAhLGiTSsbi6tnFhsScZA7oQ3pcDZ:Zm48gODxbz5qGpjLGn6i6JFiSEA7X3p8
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_6f36c1c7100ac35a73b0b6db3b72e8d6_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_6f36c1c7100ac35a73b0b6db3b72e8d6_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C5B.tmp"C:\Users\Admin\AppData\Local\Temp\4C5B.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-17_6f36c1c7100ac35a73b0b6db3b72e8d6_mafia.exe 93C148BA62AB02D8AFE747674F6F009A968E508080BF24AB32BBB417FFCF653DA748474246CDE8704112CC0A789EACC8B774BED84B58A25305AA91D4B414A1CC2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5ebc9e1766994b01dccb65ed3bcaa554f
SHA1baec848f850b5926a0c8c84ec6ca224142682389
SHA256352b164d61d9b24380d585f6ab4d9562dfb718b2d4368d54d0eef5e1f444743e
SHA5127a97a45428a47541f5cea26620d2f3598113960b9a69ac5c44f75c7d1c3bfd232dacdd541d3c04a0f0565b44e438ce1fa03295177f1726a50d8b0da0b3c4222f