Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26/03/2024, 05:43
General
-
Target
2024-03-26_9dcaacffde60788759382707fa91761f_mafia.exe
-
Size
473KB
-
MD5
9dcaacffde60788759382707fa91761f
-
SHA1
4f601c7bed64866398c03f13f0966f9c2a333fb7
-
SHA256
bc554c0c61a858dd780654c101e6b016aac5adf21f36e5f1941eace7e35c2cb0
-
SHA512
a0a8150b3ea5e4dd1de2317ae73d214d1233328fd99deaa96af26d8ecf25acc0382356ef728653be43018086beed4ccb822c18a533ea678313aba43d7a906237
-
SSDEEP
12288:Nb4bZudi79LfZ/ebhJvPTnj02YJuzOA0a:Nb4bcdkLejzNB
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_9dcaacffde60788759382707fa91761f_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_9dcaacffde60788759382707fa91761f_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8AB3.tmp"C:\Users\Admin\AppData\Local\Temp\8AB3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-26_9dcaacffde60788759382707fa91761f_mafia.exe F8AEDD604380FAFD39956A1A32FB986E05760F84888EA8A12A4939A36D508472783FA3BFA7190CB1B576C5C81196F00A91B804FE68ED0FA0718233D95AFA55D52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD5d6b706b38f6b5cfccc7c8844dceaa96d
SHA190f6907da7fe2ad5d1bf97d9320947fc96e4d698
SHA256be35e68174f6f51f2edf2670c6b08838ceeee43ec4916261bdbc3dd8d934b211
SHA5122557933cb2c6143f1f13866f3b9815458789d7a8b166c4d87bbb038c93264bd9ffe58398717ee7abdc6a43ff9fd156cfc77df884d54f3aaf124a93ffa84d2959