Analysis
-
max time kernel
144s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
22-02-2024 02:32
General
-
Target
2024-02-22_613c251575d9acc520b388fde14ac550_mafia.exe
-
Size
479KB
-
MD5
613c251575d9acc520b388fde14ac550
-
SHA1
91d4df44cc78396125dd7a87c754c29451d16895
-
SHA256
c3f659db9fedc41e9752f0489c0dd6e9b9d85ad4258fb4917a9fa867f6998111
-
SHA512
a0418d51384c3c3d2f277148dbd80509afb36dcfbbee8df6d45a4204ace63e5c26b123c78c28b629fbc90903d016db90e50fec722d4a511bc4bcb778fb3abb9d
-
SSDEEP
12288:bO4rfItL8HAYiv97wAYp8JSdc2MZn8amXom75UO:bO4rQtGAYiv90cJSdtmmXtVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_613c251575d9acc520b388fde14ac550_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_613c251575d9acc520b388fde14ac550_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DE79.tmp"C:\Users\Admin\AppData\Local\Temp\DE79.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-22_613c251575d9acc520b388fde14ac550_mafia.exe 6CB6A0C896478B42F83C822D194272DE19CB3522BFDA9B11DF0A0D53DDC85218EEB789ED9DDEDF87F19AA9B986C728B6BBDAED3A75AB95BDE2326966D58AA2672⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5c341b49f3d80decd103a6dbb18d336d6
SHA1955cba76d15e9f060854a8aa6aedbec41ded15f9
SHA2569c6869a53c91e6a95e7040922705a1607e9ed530833c9b93de48808f684b4ef7
SHA5127a5b49cb5c8e5d23ff297f10f9fab4627ed5fc772015d33b615f23008d8cb60f9bfd73c9bd592e6514d63828d5fe883beb694da5758d266bbb0962111e758427