Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
18/03/2024, 22:31
General
-
Target
2024-03-18_6f3266a820b4906df9792c795fd933cf_mafia.exe
-
Size
444KB
-
MD5
6f3266a820b4906df9792c795fd933cf
-
SHA1
f582b7f85d0fb83bd5752ab197ce7915d1afd004
-
SHA256
4bf77208a24dad87de948660cfa0353ac91da1e4442045d40d4bcf3a0d4e81a4
-
SHA512
f383ae95483293edfbc8b99f3d24017249049360bcbf3dd18ab2ebb9451b85d1f8e1075801bfbe5e2580160827c20efd0924d1f19c36ad3b4039450d506c26d9
-
SSDEEP
12288:Nb4bZudi79LraTnKw2z8B1ad94cnk/e30A:Nb4bcdkLr4neEXe3
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-18_6f3266a820b4906df9792c795fd933cf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-18_6f3266a820b4906df9792c795fd933cf_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6997.tmp"C:\Users\Admin\AppData\Local\Temp\6997.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-18_6f3266a820b4906df9792c795fd933cf_mafia.exe 86F5DC33F23D32A9B88499C21446F4AFADBABC33A7B1EB9AE4089C95AE91C641E5CCA2F8A9CFCC49152606865361EB8EB02DB3F8F68EF56BFEDCE57F701A5BFD2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5a6e071b8290d408b13a1cbee3ca345b9
SHA165813d7be8e6929695003d2f725217e7514c9b62
SHA256d616024050a1f28647ed03ac24c048e536ee5b8913ff2aa8226766041abd8219
SHA5129a8dbe31cc287b52fa8316182b0709310ca53055b5fa71925905faa82d1f651f278b558e6ce4b6908bd7d447a5ff51e1103e9397589d01d8d653802ef02040be