Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-03-2024 08:22
General
-
Target
2024-03-19_05e03642646c5cdaf2f6afad15d31be7_mafia.exe
-
Size
412KB
-
MD5
05e03642646c5cdaf2f6afad15d31be7
-
SHA1
1ba4b8ee8c4729606edd409948bbc69464ebdae6
-
SHA256
314be1cf70b6c6ec0995bac34b40b2c7485459f07826af85504a9418078d3a7d
-
SHA512
2e3b20e06468c43a63f6e5daaaf256b549d40ab1fa76ad84e5f027748cb9808caa35f69ada89b3f619440c789e8c21a83602f147d28c6da26085d5353f5331fb
-
SSDEEP
6144:UooTAQjKG3wDGAeIc9kphIoDZn78GZ599OwycHEHhvTIN9/lIS3swy8+CJMP:U6PCrIc9kph5J8UP9Ofof9//q
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_05e03642646c5cdaf2f6afad15d31be7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_05e03642646c5cdaf2f6afad15d31be7_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1E79.tmp"C:\Users\Admin\AppData\Local\Temp\1E79.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-19_05e03642646c5cdaf2f6afad15d31be7_mafia.exe 4598B166FF7EC96072DAAA0B068B2198B698954A3D5F85C96296781317B7E42315BC23E5BAA651F6C80E68F9CA9B0B83F1178D4AC86DD2FB0A563417E593890F2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD58068dc603400b4677c96a443ef7e094f
SHA1abeed377052051d3c4a913ca1dae0132fb582668
SHA256ccf963e0e1c16855bafa4e5619aef9cba3a5b9b11aa7610666ea35fb53954303
SHA51226df94c27cda53415419a9e60e53f43c4962f8f804e6c6406818948b491d6b19195aaef807794b8da9a1c7fce1a1ccc2e65c4c8e647e61fcb907331755159d82