Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
22/02/2024, 05:51
General
-
Target
2024-02-22_87e5ba0d215a2976c3f58d5cb008e7ca_mafia.exe
-
Size
476KB
-
MD5
87e5ba0d215a2976c3f58d5cb008e7ca
-
SHA1
91f3e71bbc9790ee0a3c1ce8dae3d788772c1a71
-
SHA256
d01200e96c639eecd71d39cf9888cc1fc63d06e2a68e9d2b4f2f4798171c417f
-
SHA512
13aff43123d5b7b12d8a7a8c675c177b8692e9758ded93338a28929e831a1e07767837af932c0806f0b17b6afc8bf5f1143f8e968286779cc3c2bf9213d9ad7d
-
SSDEEP
12288:aO4rfItL8HRmmBH2IzMEeurO6iUI7K9wlsDpVFd:aO4rQtGRBH2qsZ7UI+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_87e5ba0d215a2976c3f58d5cb008e7ca_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_87e5ba0d215a2976c3f58d5cb008e7ca_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6F83.tmp"C:\Users\Admin\AppData\Local\Temp\6F83.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-22_87e5ba0d215a2976c3f58d5cb008e7ca_mafia.exe 028D02B843117B54E730C98744515F01215E3824E217D30518D04872AB492A3BBFC3D61E33DC257CC82381B8DCE154AEB140AD5B42B2646F434D4EA5355084162⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5c3e3059cff09e528e3d287fc3af67a0c
SHA140a768fdcf5ea5ee84ad0b37dea53cc3fd7978df
SHA256a4ea4973df61d959894786e2b919409f8968a9a88fba9bba0aea44da8913dd0d
SHA5125805e9d795d3f664921f9ba8e16f6887b522958f32c9a8171f772aa631a0d2d790ab8ebb73707229474d7c9de4082872b47a1ce8636cb7f0ef8b7ffde4c9b05e