Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
25-02-2024 13:02
General
-
Target
2024-02-25_6298b2155549970ecbd0ab8ece9e05d6_mafia.exe
-
Size
499KB
-
MD5
6298b2155549970ecbd0ab8ece9e05d6
-
SHA1
3155d5c3f5def2e63799757ee410adeac05901a0
-
SHA256
c42843656a2412241d98a91fe92b221419f0e1d7bd9769017549a19bfa6bb731
-
SHA512
0a34435f6a9bcfcf253d187ecd174163067a366529dda2b4b6071e6dfc2283d689b30bcb43143f13a0d8c5355b9f67b85daea5b0fd71c87c61ae7ed27b79cdba
-
SSDEEP
12288:sO4rfItL8HP8U2l1a24psw1G/7dmsIhiqlj:sO4rQtGP8aR6OG/AsIhiqlj
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-25_6298b2155549970ecbd0ab8ece9e05d6_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-25_6298b2155549970ecbd0ab8ece9e05d6_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6820.tmp"C:\Users\Admin\AppData\Local\Temp\6820.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-25_6298b2155549970ecbd0ab8ece9e05d6_mafia.exe E985CDBAB5CF68E24D407E5EF17341A6A51F898A992BD3851DB5BC395317EF024299778EF92E5FD526627755241FEBDD290DAECEF172A994BEBF6BB592DE6EB12⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
499KB
MD5cc3d1b7485bfbb2669fb0ac3056d748a
SHA104902e2ccffdb9d6831d88ead6e66e02ea454013
SHA2563001cc961e40af5fe53aedac84d2f78ca445a66f99b9335d1e8818581e669e51
SHA51210a909a4c642e1cbdb19d30c87339b75494a4c80fea96ccd246a8beee61ff7e9fdcc2d28be01e6f4aed4161a1ec0931fbcd8d88b4f1bbcfa277ffd50c063a5e0