Analysis
-
max time kernel
118s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 05:43
General
-
Target
2024-03-05_5c3f6d4bb7e432700b26fcf4b345e9bf_mafia.exe
-
Size
486KB
-
MD5
5c3f6d4bb7e432700b26fcf4b345e9bf
-
SHA1
945771541886ce3d3dd98006a0683cded4791e4e
-
SHA256
35ad9be61acb1fc4a7c7ef1b7f3ce35d821403f7b7b9fc6e868cceb2e550d8a9
-
SHA512
a9a179ee2e817528f31a47afd8125799901cab6b5bed5e3f19dedf313d911c4ebc4b13f49e33ae619fac23327db89900b3a799cf0cece98d1aea7af07fd74c06
-
SSDEEP
12288:3O4rfItL8HP8M1rNwURe87ScuRSSk6lUPRbZiWdaY87rKxUYXhW:3O4rQtGPnj98yRPjiWdaY83KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_5c3f6d4bb7e432700b26fcf4b345e9bf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_5c3f6d4bb7e432700b26fcf4b345e9bf_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7639.tmp"C:\Users\Admin\AppData\Local\Temp\7639.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-05_5c3f6d4bb7e432700b26fcf4b345e9bf_mafia.exe 266727870B6A998E060A525A3C7E73132CAB5717E6AB8244ACD23DCC187CC3EADBE5F5F6F90FBB6C9CE2F4DDDCB7D5E2E77CB881CF622970365EAF2CF643C9B02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD514b2cb2a0f10148d28f31cc08d281103
SHA114846053c6bbdd8b251cf21758a275c12124c736
SHA256c3096175cd58d80a620f0e7598522eac93e7b166207bd2a03e37c513a72d887f
SHA512c0a4bab019974126d1b74897cb77afd4db8f9f7b4ca74368f181e15e645fe74d5fab40823d636f5963b6be114c2473d3e9e45cc80f59934574c479438f9b1452