Analysis
-
max time kernel
143s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19/02/2024, 16:41
General
-
Target
2024-02-19_8b5344c04fcc882ac377ecf167e5f5cd_mafia.exe
-
Size
384KB
-
MD5
8b5344c04fcc882ac377ecf167e5f5cd
-
SHA1
614e4e0bcd17101dee1e1a631d104b2a9b5212f5
-
SHA256
e45b8874905cf7bae91a0c944152c80e8a580d74de76f8c0d64cc0add3cc8e2e
-
SHA512
67e194b1d66cde2acad2dc68c6968b2c8c877fea2a3e4fadbdd660434bff03f78ee864afe4a58daeb0855635c82045a49913a63dd45ec62afcc24fefae944de1
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHlswGmYINK6BdvXgvzLfG/vYOoGhtGPtIWjHUZ:Zm48gODxbzvswn5/+XMvxopbDUZ
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_8b5344c04fcc882ac377ecf167e5f5cd_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_8b5344c04fcc882ac377ecf167e5f5cd_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3FB8.tmp"C:\Users\Admin\AppData\Local\Temp\3FB8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-19_8b5344c04fcc882ac377ecf167e5f5cd_mafia.exe 1CD95C8CB40E13CF9C6C01A5A59B1A37C5E5FC902C1B013E07806C9E5894C5798F0B6183D88C052445A46B1D2DF5560AF4DF5545924DC9CBEFA981A46BDA65252⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5c4a134af7ba17f91c7cde6e101b6e594
SHA1274cca9e13f9efe84402f1ddc44ca936ad956606
SHA2565b96ea86cad3b81aecec762daa9fb3df5deb2d2502e390ba46edcf0fd3182993
SHA5122ab9bf00cd64981a5a5150102bfe175ad11abe154db4adcd09ba103c4ef1a60c6271c40511d06846f0a8856b95d4ecf45391723a8ed34cdb4224922a83c26ce3