Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
27/03/2024, 21:26
General
-
Target
2024-03-27_338088517fea4a2569b38145a69e4856_mafia.exe
-
Size
444KB
-
MD5
338088517fea4a2569b38145a69e4856
-
SHA1
1b0d035182150612cb37e4f8f04d0411e5c0dfff
-
SHA256
d610c4cba7280c6ed43d4a55490528b7becc1e74bae99dd3407bd617477c38d6
-
SHA512
30b821aa8b8852d7382ae754c5067963027e945d8617ad7fd60e75a06af6a48d58396ab096ab20963f14fd19c99bee0a47b99917757e50d55d3445dd88380e89
-
SSDEEP
12288:Nb4bZudi79LtgKap0EhWqHbJxScCP/Q/+X24yA:Nb4bcdkLq/p06WabJx8/9X24
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-27_338088517fea4a2569b38145a69e4856_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-27_338088517fea4a2569b38145a69e4856_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\29AF.tmp"C:\Users\Admin\AppData\Local\Temp\29AF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_338088517fea4a2569b38145a69e4856_mafia.exe C6859738AF0FBDD6DD4C95F10ACC81AA6A8F9ADA590AA4F0F5E7E78DBC1DCA5D70E32DEF7CF76680DE2896D70E594C3AA0116EDEF40927D9677737555A097FA82⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5cf2f1cd35e3f0acfccbbebc93640234a
SHA1323114f0c4fe85608341a4aed17242ab40636923
SHA2567b3b908b43a2bdec6b8271c168fb29b4a58c17acf03426a5d5203052869d6ea9
SHA5127f2733d6233237e7189500f8ff1a69e01a3ee2f0dd3d09b63fe26ae7a3f5c63fba6a0fdb663a2b47f4a65e864a2487e5fe9e5ddd2b499c06275ad54370424ca2