Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25/02/2024, 14:22
General
-
Target
2024-02-25_0dcdf1658f9b59e40686e0d3ed32f689_mafia.exe
-
Size
613KB
-
MD5
0dcdf1658f9b59e40686e0d3ed32f689
-
SHA1
7edd580bce82fb1c4209293f96db5399ba8eb2d1
-
SHA256
9da6dda2b1d336a356cdb0e0d2154b35f8201127b9acd5d5222dadab1d58487d
-
SHA512
13d06707547e648540185e4acbc4da84c57d7043caf29a45d548fc18b6137d06c64b9feadc22da877689e28780771fe6387121a830034c69bf561a7e700e82b3
-
SSDEEP
12288:XO4rfItL8HPHzmM2AwBmyAynDHGBIp0BX7Q8mO4rfIt+2:XO4rQtGPSMPwMyAQmBIp+dmO4rQt+2
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-25_0dcdf1658f9b59e40686e0d3ed32f689_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-25_0dcdf1658f9b59e40686e0d3ed32f689_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4125.tmp"C:\Users\Admin\AppData\Local\Temp\4125.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-25_0dcdf1658f9b59e40686e0d3ed32f689_mafia.exe A48D50282AE19EB64E1F2386FD21121ACBF2901A0A4A6A670A83D22F01FD6DCE93EA54A3E7945308C369C5431A7CBAF67167C905784740095717A205C8AAA6C52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
613KB
MD57e4b7151177b6220819d83140580a59c
SHA1cf071ea8ab93f596616709c370200f5dbbbc496c
SHA2565a81bee228c9bd559d93ed847ff42bb7cf3e28d80507ae0af75155acce9ce689
SHA512afe2937a11645dd21c88728c21c34c5aa9383874003074f4764dcda86809542d1354126aad37961b9c064469a9608c197d8c3a3a485ada13bd64cefe8cf27c98