Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-02-2024 01:33
General
-
Target
2024-02-23_4ab0065af53088f19bd20b6a05da6ecc_mafia.exe
-
Size
384KB
-
MD5
4ab0065af53088f19bd20b6a05da6ecc
-
SHA1
4b53c6a7c5a0a38bf1444b1f6640a8cf817539d3
-
SHA256
dcb9cb3c8a2b5e66d0a362cd14ded53a5b9699290e8996f220ac2081b1a8be1a
-
SHA512
e1801a0570ce2f594c6ea28cd11585663d59ce1d5cee90bc02e4b698c3f4ef73cdf229e064fd8563d31d2ede89974432d283b0551881f66654772968bade68b5
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHaz44fRjSEferSqBWLaE7wNJ8gYjhIfRSsNzWfZ:Zm48gODxbz8z44RuEMS9uCwL8g1SsN2Z
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_4ab0065af53088f19bd20b6a05da6ecc_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_4ab0065af53088f19bd20b6a05da6ecc_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1DAE.tmp"C:\Users\Admin\AppData\Local\Temp\1DAE.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-23_4ab0065af53088f19bd20b6a05da6ecc_mafia.exe 73A57F6BF23C10B487711DB3159B2D8C2FD07274BC356CB0055F89113805460AC3557B7B865B1D6212ED17B9E5AF0D88DD01450F3E6A2C4C1AD947E1DC0388F82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5df3dc62a462bc0b2e90c6be19f9aa5da
SHA18e6a320b5618884518d24afe6b072dcf530ed069
SHA256fd4c0320b5d69bccb53e3e986a32d0941629a5d0d57c2f899ef65595b8392e60
SHA5128b05fdb7d5935ccb03c6a86f29f420b25edeab818ed8fadd4fd6a4f4885aa65ab4cdfb71c19b5d4c8182b8eca40c8e8137332075da0ff4793848498388d96a8d