Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
27/03/2024, 17:40
General
-
Target
2024-03-27_9c2588c983b8b1484e1e7e4c4c8ed6d9_mafia.exe
-
Size
443KB
-
MD5
9c2588c983b8b1484e1e7e4c4c8ed6d9
-
SHA1
8429ccacf90c7c19338a3f1f8153a2ba08f5821c
-
SHA256
8a438924acebfdbbcfc1d6a6e27d8284ab226936c69c6a5a31a38b20634412c6
-
SHA512
f0e5c0667df2ec475c93aa4177b8ad36a34dba476647773e01bebb8ca2f8dcf4d726d001cb68c94fc557c0936615bc377023b1247291a51fbbb12ebc9bc04dc7
-
SSDEEP
12288:Wq4w/ekieZgU6hyF3cM+fHzzTudCX+AzDqwqlMa:Wq4w/ekieH68B1+f7fOAkP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-27_9c2588c983b8b1484e1e7e4c4c8ed6d9_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-27_9c2588c983b8b1484e1e7e4c4c8ed6d9_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\E43.tmp"C:\Users\Admin\AppData\Local\Temp\E43.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_9c2588c983b8b1484e1e7e4c4c8ed6d9_mafia.exe 9DDBC8F0004A87E0B7B859B726A26495F8C4C35F096F08F875ACFD54D3A238D991BFB79091C7CDD7EFDA160E371BFB3944DE055A986483E3DBCF0915D4226CB02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
443KB
MD53ef39faf6061bfa40eccd504e11a6134
SHA144d257ce739914dd982abcc6ab5081732fc5638c
SHA25640317dbe2aa25604e195600afa49baeb3b859dae8592a9d84453fdabaa82053a
SHA512e47cd30a06dceeafcc70d3082754624a29e524ac0a80466e9e0703bd55bb4825ddde872f6cbcf3d3e1dc1a008f52ac880fe4f775fe14a6c38665f7bcba4ebb98