Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-03-2024 23:50
General
-
Target
2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe
-
Size
412KB
-
MD5
ebb1e35d79d38faf834731c3c0c4f7ef
-
SHA1
6935da82f644951b0f61e0c0029a2b742382c7ac
-
SHA256
a779d14ef148f03e8a8467095b0d2d2f7cde8fd6fc75fb0be16336cb37e1c865
-
SHA512
2c2113417ed27b93d453a66d254c1a85082bcc8377fe73924c42d983929dd9a19221ff4410b981fe287d5be768c69191d3cd388dc989ee6bf3e6222467d8bbb8
-
SSDEEP
12288:U6PCrIc9kph5iSLs6/4zdVBnzPeVCmLoA:U6QIcOh5Zow4xVBzPegmLo
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\447F.tmp"C:\Users\Admin\AppData\Local\Temp\447F.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe 169C1F76B7217A0FF6E03F42F9EB68A4C3EDA081BB5A21005FC071EF532B83CD6E29F4EB98E7AE3651EA9A436CC1F430B86D6537E7D6E039827FDC416CD8F80C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD55a1d016c2c339090644edc914dd7f883
SHA1604f657b55f0985c49d210545098b33eb46f8262
SHA2566119d4d9c272e58bd80503689d5f3be485dbf4c75c281b217d877431bd6fd67c
SHA512d652128589584d08326a09b174462222715a3f34e53c7a1c30fcf73b58817a0ba73498e9906dd5c3a5b618d9ea51491fdf4fd1b3a39f45656cbe3073a76edb09