Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-03-2024 00:27
General
-
Target
2024-03-20_1a5c1dd0b2685e7d16d3a570a2b1105e_mafia.exe
-
Size
384KB
-
MD5
1a5c1dd0b2685e7d16d3a570a2b1105e
-
SHA1
ce88b56706deeeff409dec79fc463cf6effb4f08
-
SHA256
e0fe6a10f6643894309d1445d778e41f0cb9a04f9ce4ecc20c25022b2a22579d
-
SHA512
efd8f2877e5944343d26734350cafceee0704ba501346b9abebf4b2a6cb4e6f03b432eb9755bfe1db85c33f9f8204befdffd1a790afb8f6044281a9b99b63106
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHAWaMFlYJwQ9JAmpDsI0xXou2Qk3vZ:Zm48gODxbziWRyJwC5yau2QuZ
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-20_1a5c1dd0b2685e7d16d3a570a2b1105e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-20_1a5c1dd0b2685e7d16d3a570a2b1105e_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1FC0.tmp"C:\Users\Admin\AppData\Local\Temp\1FC0.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-20_1a5c1dd0b2685e7d16d3a570a2b1105e_mafia.exe 3056FC587BF162429EAADBC56E7ED503DEE0C3C1BA49B3AEE91B34C49ECC5D2DE165847445B23F15554B0AC914CF0C2DD8DE9662FFE3AEC057FF03F43E33F9692⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD564e3679ce87e450cac5533c396d735b1
SHA150bde19710d99a01e4eeae530ceb479caf40afd1
SHA256d33b584a8f9e879b277425fbee6d8212a1dee3da1ec906dda2173cce5deae053
SHA512b52db8733eb091a870032520dc8995fae492e1914ed9a83e5d2585689a20dbb597e0e1071c626dc6efa2c43577475a0bcb1eeb7ad6b991e2a20ca3d40b508a6c