Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
26/03/2024, 01:46
General
-
Target
2024-03-26_ca4d9a23c1fb916c45918d57fb68f7bf_mafia.exe
-
Size
384KB
-
MD5
ca4d9a23c1fb916c45918d57fb68f7bf
-
SHA1
ba04ba1cc11940349474045ad96a16ee9161013d
-
SHA256
5a201a37d4a7754e44004b39d099c81c81d9c695c1c0a7ef4cc16fa1eb0ab79d
-
SHA512
7fdaa86760283bf85752d56126bc575960f7dbc7952f2d79810280ebc74fd6edab5c355aa10e9f45dff0c2e278e474dd31609c217a4b37e9f55895894ed948d8
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHui1jb9GfRCHjEY8DGRVJH03gQNTT5avGMFGbxMg:Zm48gODxbzYyjxyRCjx8SRc3FJTMvGM4
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_ca4d9a23c1fb916c45918d57fb68f7bf_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_ca4d9a23c1fb916c45918d57fb68f7bf_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1890.tmp"C:\Users\Admin\AppData\Local\Temp\1890.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-26_ca4d9a23c1fb916c45918d57fb68f7bf_mafia.exe C398A1FC56FAC2D7BE1362930446F83DC44BF70C3007F6F8F8B180999F521C872B778CEEAAD5E2752B14C2368BD2CBFCF32D4993AA5029EDC498ECA7825239E82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD559eb45c8672b2e5683670817895111be
SHA12c8eead41af0afc22d975402af1035618474edb2
SHA256eeeeacc8cd7b733540fad42b07542afef769336e984dad28e8905d2b9249e876
SHA51235b42556d7b54fdd6513919d1151e02919ed91f377458cd428f1dcd5528aeff472655d4e706ebfafa1d5d6fe475f74c0f241e3ac59db45e79418a7bf023c4dbd