Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05-03-2024 23:50
General
-
Target
2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe
-
Size
412KB
-
MD5
ebb1e35d79d38faf834731c3c0c4f7ef
-
SHA1
6935da82f644951b0f61e0c0029a2b742382c7ac
-
SHA256
a779d14ef148f03e8a8467095b0d2d2f7cde8fd6fc75fb0be16336cb37e1c865
-
SHA512
2c2113417ed27b93d453a66d254c1a85082bcc8377fe73924c42d983929dd9a19221ff4410b981fe287d5be768c69191d3cd388dc989ee6bf3e6222467d8bbb8
-
SSDEEP
12288:U6PCrIc9kph5iSLs6/4zdVBnzPeVCmLoA:U6QIcOh5Zow4xVBzPegmLo
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\320C.tmp"C:\Users\Admin\AppData\Local\Temp\320C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-05_ebb1e35d79d38faf834731c3c0c4f7ef_mafia.exe 46C52E3E2F98123B8B8ED5AD7143B18DE5B0C12953CF3C342032A0855156F9C9893F43FBBE7A2B95642E29817C277432EC6611BF8539AE0035B4E5A3290326782⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD519b0ebf303759f41b888aed6415a6e31
SHA1aeca7fd32d750da5d11c6c0b3c63afee80379c3a
SHA256ddf0e61598a54c0c964568eddf76c0259a5653ef00db0d356e12495c3a300444
SHA512802a7d4affb038c730d4366670eb123776d7e3499d18be770cc5c43d644cc4e5daaa498556a6d28127f8881490355e7bb824ba01bc880f31a43f4704e769503a