Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 21:26
General
-
Target
2024-03-05_12c9c20892cb4a2a2911fad1f569bfeb_mafia.exe
-
Size
468KB
-
MD5
12c9c20892cb4a2a2911fad1f569bfeb
-
SHA1
1d0d4e49109daf3ab5d3e52eb0e721de19c47173
-
SHA256
f83c253e34675db93de4032cfe2b832a0674a91347e524ccc86438318e0334ab
-
SHA512
e07201a3efab0e0afd2cb590e90fe9155201db605e778e277c5cf10116f1a31469d14cc6c79d8f8cee83f73244cf9ff80fc0e99e5b246764c8ec25a48caf7c09
-
SSDEEP
12288:qO4rfItL8HGS0SaRCaKTRFufySHso7bWmeEVGL:qO4rQtGGS0XI/FudDumeEVGL
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_12c9c20892cb4a2a2911fad1f569bfeb_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_12c9c20892cb4a2a2911fad1f569bfeb_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4229.tmp"C:\Users\Admin\AppData\Local\Temp\4229.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_12c9c20892cb4a2a2911fad1f569bfeb_mafia.exe 3A44348CDB664990EC373C848E412EA85B7923A64028AFDD96AB3010DCA4EA08A6ED3E3FEE46F10917F2559E3357A7FD2E46FE2A7C8FF9F2998B21E3CDCE57E92⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD529e945523208fecbff646a8508da828b
SHA123493603873430ad296878e21898f46fd805da68
SHA256d4bc1dd04651911bac4eef8ca274645ff0f3b673ab69db247c88f48b3ab51fd7
SHA51230ee3dbd9be630d22b26608ad147154eb1e87a61c9d564d94c21c35e326dc23d6dba706dc3b1cf78327672515887cfae906d1212745f1ce8c236b6e4ce0fac81