Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28-03-2024 04:29
General
-
Target
2024-03-28_2a3ea1a1a160870e6c992ff1f9eebc09_mafia.exe
-
Size
435KB
-
MD5
2a3ea1a1a160870e6c992ff1f9eebc09
-
SHA1
dd6b5f63b90b8151b6884d458aba6252c8f821a2
-
SHA256
86245c26ce64b63b9f22aacb411094796b86a3de4aa3c602c23122c2845b0543
-
SHA512
bd49a6c4e8732889825b349ddf0cff3339c0da3dae38038b83142c9224a4ee837867f0fcd3a42e6010ceab44bc0238608f48ae21c026f7baa18105c9e84c4a22
-
SSDEEP
6144:fJvyW4ojUnQjx4qePix+qXQjBYQxIzCkDODqYdz5Zs4aI06CZs2ib6Vw9J:fd4x+ePixnXQjKQ9ZsW07xibawP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_2a3ea1a1a160870e6c992ff1f9eebc09_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_2a3ea1a1a160870e6c992ff1f9eebc09_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4CF8.tmp"C:\Users\Admin\AppData\Local\Temp\4CF8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_2a3ea1a1a160870e6c992ff1f9eebc09_mafia.exe B4180C94C638233C1B58A66761EB95F3E2B2A700B9B1DECDE6B5931422D5B893198589BF7874C73B61D9DD10C00EDE3296DBC9C26FFD6959E2EC62D5CBA98A552⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD5fd2cf4927a85d90f4d8bd3f27920f70b
SHA180b4734a344b976fe2ce3805d3fc0a41ff7234a7
SHA256b2615055e7a2a7a7cdbdc7dcfba30324a43177742d2a3620694fb5a0b04a0b9d
SHA51260d481634a2a26defcfe550a95ea7c121e3aa160bfb5091bdd2dea5bff746f4b72af0865cafcf4a6db08eec849b26ad13e89b6395fe0b1bb1c175adc6ba148ab