Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/03/2024, 10:53
General
-
Target
2024-03-18_ea23403257bc5629a04912785bce60a8_mafia.exe
-
Size
413KB
-
MD5
ea23403257bc5629a04912785bce60a8
-
SHA1
5681a05099b1e7085a2d1ab060ab83e416b5b385
-
SHA256
578a6e4e61acb981413bd259f033e9bc2a07d0aa97aa9a18c79b3d96c6417fe3
-
SHA512
6c1e3af75d08000aef769e87f02031b5fa981ef1c19681dfbb72f6073cd7e420acf6adb8476271c5693e88b71b4311cecc41a53c76137a1c79be08f625a3a71a
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFFdzwXbizGo+8U/00KPrr/2VtF35XBs7VUrkqHg:gZLolhNVyEKdzLKovtWP15+75qHg
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-18_ea23403257bc5629a04912785bce60a8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-18_ea23403257bc5629a04912785bce60a8_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\43F3.tmp"C:\Users\Admin\AppData\Local\Temp\43F3.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-18_ea23403257bc5629a04912785bce60a8_mafia.exe 5634202B7E2540489A409E7FAECC71D853E1CD224946ECCEB0F18619FC291AB456A24F3CE83F074C5F5B14E08C32F623B80CFEF36E2671318C1CA611F91160952⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
413KB
MD528009e3cacfb7507abe96214b59ea688
SHA153657e7007986256c76a597210473185d12c19aa
SHA256e1dcaa3f7daed7c807c6807a39848fcd624428393c50d8ec9a8237efd1700ac2
SHA51220cdbcadbbe1b690615735246b3720182265664b1ad0b673101d46f789727e8565b5a176b9ae2410e0fe0f7b1a8387e677fe5ba590fca7f20babfde58009037b