Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
21-02-2024 21:43
General
-
Target
2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe
-
Size
468KB
-
MD5
ffd6d0193538403ac923262ec909932d
-
SHA1
f055f84cd999b7ac8163d83ab5943e2a2e1ed175
-
SHA256
934085857436d3dfe0ce86cb589152251fa37ce8edfc68d48a656410d8f3f8d7
-
SHA512
4b2b4d2007b78256959f6d453fc878594731b04f5c74214d7ed2179c9ab4738da27ad785101e755bc3df46c2678a6bfe59ea212aec7843be1cea052a16713e5a
-
SSDEEP
12288:qO4rfItL8HGbtNfBs/7T2owsFv1X6h7bWmeEVGL:qO4rQtGGJsX2bsFtXgumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3894.tmp"C:\Users\Admin\AppData\Local\Temp\3894.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-21_ffd6d0193538403ac923262ec909932d_mafia.exe 69BB991E8FB081BE5CC484A9B30D41E58FA3019DB3E758CB68F7D3043F806BBED73190D24E58D36946C863FEF5EADE4D17DECDB90E39B22864120350654088FE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5a85234747b2280d20b2d52d5bda8eedb
SHA181028d7b127b159358ccd6e493e382acb09fe5c7
SHA256d4f27eee4dbe01b42497f35a15a28d3850f38d7b409df5dfc63dffc47b96ab0e
SHA51214fc0cfb921683f6349742a07110ada32af78d1b0605ecb5c9f7bf95c794eb7ce1bc838d069b748a3b9595f6aa1b897b768801cf8ddbb0f0c11277f9464d6392