Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
26-03-2024 18:29
General
-
Target
2024-03-26_4b6d90be529a3db6d59a0f078d0dbd5e_mafia.exe
-
Size
411KB
-
MD5
4b6d90be529a3db6d59a0f078d0dbd5e
-
SHA1
1cf8d3145d6cdd24b36e9e1efcebf476cf7b8385
-
SHA256
9ba376116978f4cd1c8731a467469c2094ac41fe4b68c5bcac5edce0c08bf75c
-
SHA512
e8af34682945f07be9835ee33b13d153260dc1c6fafa8baa16f368c05fa9f421ee67fccbe1482825cac36ef1ae1f41d58d7a1ff52a3edc7fb38ac8b7ab91bdfb
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mF+lfQrWeFlEoIZAV7I0AKiua/WvDqHI:gZLolhNVyElfzeMoAAV7UH+7qHI
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_4b6d90be529a3db6d59a0f078d0dbd5e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_4b6d90be529a3db6d59a0f078d0dbd5e_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\42EA.tmp"C:\Users\Admin\AppData\Local\Temp\42EA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-26_4b6d90be529a3db6d59a0f078d0dbd5e_mafia.exe C31EE239C86F0F6D3C11F9841B25D5814562CC8292B8A94EC5C2EBBE4345193C681B349C94909F22147BED5EB2CD1F13706F7F5514FBD0D29F103AE2C00065012⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD51d820d416e072bd94e57e81d97303837
SHA1c308d787af26c2a0713803d580d718af432a5d0c
SHA2563b294b837106ac5f999db946eac72a00e19973b964902008292fbf0565ac2ddc
SHA512f3ed671206b832fc759a57a99659780253975ee575b270f522e80626148351e9e3f2d92086a797f5fed89cda8ea9121deefc9404069318725a2d1ca4b7ffbade