Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 20:31
General
-
Target
2024-03-15_85da4e706e0aabe51e3563d491b0d6ff_mafia.exe
-
Size
384KB
-
MD5
85da4e706e0aabe51e3563d491b0d6ff
-
SHA1
4638f1c20ca96cac6dd1e63da887dc8fbbfded8b
-
SHA256
e67df93e3780c18a7bff922ca78b9c60c2ef06cb6534535e23debde8c6432685
-
SHA512
0d8e3db22542e02b2a6e206b4d50a6cb936cdf792686249510d158a98d96605e669d56f394146405c8879210768204017c90fb46cd6d7c644dd1b0738d2199b8
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHF8Eoeiemzaoem32JG0QZPG2OlY+Z89Z:Zm48gODxbzae+aoefJGFe2+Yw2Z
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_85da4e706e0aabe51e3563d491b0d6ff_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_85da4e706e0aabe51e3563d491b0d6ff_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\80F3.tmp"C:\Users\Admin\AppData\Local\Temp\80F3.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-15_85da4e706e0aabe51e3563d491b0d6ff_mafia.exe D0B652FA1BDD219096B47C97E370EAFC69AEA86A0FA40C9C8520F394678C75A8FBF3844BF02448BA484BD2F2FC9BDC52AFD3076EFABCF98EB407DE3C0C6ECA2E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD57e98a1e91ce76e42e25078128811ebb8
SHA1232f070f285ea7803d1f830e9df8f67b1b505f18
SHA256991d7db146f109e345398550a25aa838a4a9d0a8bbcfaa0c05bf2aff28c600e5
SHA51203fae407f303291c7e11c6a5ac4b0b25263d2b1487d344f3819aae13e7c07c00c621b5056aa04df883785df77e59780b65859cc994798b7ea815716175f9de34