Analysis
-
max time kernel
90s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
20-02-2024 04:51
General
-
Target
2024-02-20_757ca42aa03287df2b83e6a5697078c1_mafia.exe
-
Size
433KB
-
MD5
757ca42aa03287df2b83e6a5697078c1
-
SHA1
58476ec2bf6d2bc91481d06d498331d647f306c4
-
SHA256
838493f981f06b70ab0e55c07598b88b953e9275810279f013b35066e5e37778
-
SHA512
84eaeb11119570993c43bbc4271936dfc5f0b9bcaee9706b0aff40312a3d00f76999e58f73d92e01744ecac96b9638bce5fea22f2028cff286c7e42efc2b678f
-
SSDEEP
12288:Ci4g+yU+0pAiv+wP5nxhtMOhSY/yqa5dAA8huiAsn:Ci4gXn0pD+ApSY/yddAXuD8
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-20_757ca42aa03287df2b83e6a5697078c1_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-20_757ca42aa03287df2b83e6a5697078c1_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\54A8.tmp"C:\Users\Admin\AppData\Local\Temp\54A8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-20_757ca42aa03287df2b83e6a5697078c1_mafia.exe AB5EFC245801156CA41A428846B6EB6C4E3E41664B8C11863EC919522400FEE54C0AF0F78D4A95320CA2574818F064E9E2A28396FD3DFC7C115FEECFF2D346532⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5c9ab41b23380ef3ec3cb4b0991f5c562
SHA1eb77789cf09b84eb4422b91de1717e12f63aebf4
SHA25645361fd574c9d7e0da35c2322a7703a983afe8eabd827d5e7bf14ba32e4a51c8
SHA51298d3bedd2dc8ef60191195db95beb6dc93ef2688703e634ce14a896a86d949e171f54809be9e8d18d1828c1fe4d9aa4a54a790caee54b1fbf4feaf9e1360e59c