Analysis
-
max time kernel
117s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16-03-2024 04:57
General
-
Target
2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe
-
Size
428KB
-
MD5
c31d10d5d566f638723d6e86403f4fab
-
SHA1
21d852ae1fff193be6de4afb921f34f9203d6108
-
SHA256
87a927705a879304cb9c0315761213f693cd892e524ddf0431ca8047baa0c398
-
SHA512
1f87c376906eccd4875f2979f779a9e0b9cebcafac0160a2cc1d59573a08304537149831c9ed6559e61df06533143c35b191b2617462c01d622f34d17baea7a8
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFmfWN5Hg35ftEJvzfYU6Oe+0qHR:gZLolhNVyEBfy5ch4LgxOAqHR
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\45A8.tmp"C:\Users\Admin\AppData\Local\Temp\45A8.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-16_c31d10d5d566f638723d6e86403f4fab_mafia.exe 731FCBED2631CA8B2F4C92E9E096DD6D0E3A56D9D9B81D16939517FD77EACA6C126E6E34D01D43221FA636CD978BEA36C32A0ED8BB142D4F67F99212CA4B44E92⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD536b0d2d8e337a48af580290a9b940465
SHA1a5b134de153e089ff8422216807cf4910932b22c
SHA25662036a640c8ffe8e622ca4911ff341ca938629b9d94aee369520ede868f6b6c4
SHA512ff4eb8b100b92b6bde0ed47e64236b8d70f86716648bf19cafca5c5b89403ba81d2ae836382742468efbac158c67c2f118e51a534464285886e414ea429e1d9a