Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/03/2024, 08:47
General
-
Target
2024-03-14_d2f0f31ff30efea1f8101d6c9d527ec7_mafia.exe
-
Size
411KB
-
MD5
d2f0f31ff30efea1f8101d6c9d527ec7
-
SHA1
aca3d32bbe79f0dd0e578bad6ed6c2b25fe9c389
-
SHA256
cbeefb5d22fbb9347335649054005e923365029a4977df1aab774cd316521fbb
-
SHA512
47adbe35a2a207c2234d6facc6b7b585e33c815f7985cac818de57af58123266aa24a82d08866dd9c8fa9f503d805a44ddfd7d5b2655c2f08ad4cb7869ccb325
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFhDfK4O4b8hW1z+BkWov8offPx02DsboqHI:gZLolhNVyEEfK2IhWwBk708Gn0qHI
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-14_d2f0f31ff30efea1f8101d6c9d527ec7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-14_d2f0f31ff30efea1f8101d6c9d527ec7_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6690.tmp"C:\Users\Admin\AppData\Local\Temp\6690.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-14_d2f0f31ff30efea1f8101d6c9d527ec7_mafia.exe 23F9AEBF6A520E92456ED4B7664BC5F24533B391D904DCE5CBE143BDF95460CA6242A22F31A438C2703146E700F69E0F57584E4FD9937209A72FF86A5167DCE92⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD54ae319b1ce7259a33a82b0494fc73fe9
SHA105d3d71ec14f697c0a5301f691f07a5ee6015cdd
SHA2564d0c3283021867ca72d3f0d574d57e9f97203beaa7e3fe1a1eba4bfbd4861ae9
SHA512d5ec8607558408a220d19785eae552a511fce9152a73601bb10c4a3a76d14212ead7ecb1042be993bd4570ea91cf1f45b1aca099700e1baa1151764788325809