Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-03-2024 21:39
General
-
Target
2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe
-
Size
412KB
-
MD5
7bf4c7492a5a5343d8bcc65bc2f3eff4
-
SHA1
25d8e74eb15108c70055c129818fd462f44ea1f6
-
SHA256
c97fe1383a11ea2e8d7542e3cf4e3b95ac8d45e054cd13faff1d131dec6dbabf
-
SHA512
9b8c4cad4dbbb5a7afb9798ff57531e7f4857f5aa951fb20b86223ffe85a08605732e9079eb574430b8c5adf7a8574391cf185d7876f9915ffa055ac8898f633
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZnGBHvg2EfMeSBEKgnoyqlVFOEd4kgaI8nzosuQ2:U6PCrIc9kph5MPg2kI/dOEuaTnzopQ2
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6C89.tmp"C:\Users\Admin\AppData\Local\Temp\6C89.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-05_7bf4c7492a5a5343d8bcc65bc2f3eff4_mafia.exe 1443C550AB53C4A79658847F454DB869BC6DACA1EEE7E0B4468D7D7B081430131EE60A21BC7073068E4C40C5CD19A8AC569F756B353513BDC3529A4607A86C5B2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD5ea1248162da536165ffb6cf5c578ae07
SHA10a9c71c92dc282ac0344409e67ccf78773d47b8e
SHA256d8d9808e5bb7ab33146b86280faa472783a0f3c3f690528c21afbb83fc08d48c
SHA5120935f30f483c119c920d4ef336d0c903e8914283a5099dab6c2f251c5a44b33c89cc0dd5d48be065417daed6f0a758f40ea4e9a33b049e91246bb3f0877badf8