Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
28-03-2024 04:07
General
-
Target
2024-03-28_c3c1685490255ff5cbd7fff239ded32b_mafia.exe
-
Size
486KB
-
MD5
c3c1685490255ff5cbd7fff239ded32b
-
SHA1
cd8280a076dcd26056518ee2f21371d7ccec05e1
-
SHA256
aa907041d7e39be783c6969214534918848fac353289e0308793dc506a4ed216
-
SHA512
c23b9c4ab6d9011c399e176761ae3e8e72d13ffea064808647d451c48368e1ca0f4626e1de7210730ade1db2654ad1e62f095cbc47a16bf639d760821a4961b1
-
SSDEEP
12288:3O4rfItL8HPMLYGBLhI15mTr7IC1KrPmfBHND607rKxUYXhW:3O4rQtGPCJlh11KrP4lL3KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_c3c1685490255ff5cbd7fff239ded32b_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_c3c1685490255ff5cbd7fff239ded32b_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2913.tmp"C:\Users\Admin\AppData\Local\Temp\2913.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_c3c1685490255ff5cbd7fff239ded32b_mafia.exe AF65710A00B9D4FEA0F7FB446FD53211F5BFFD1EA14C7C89634CB2E6D9FADC9C48D9A34766DC16CDD1FCD333CD522398F2BE713171802ABF62A1293F3586510E2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD59396ad33e6fdabd9682e664969cbd845
SHA10bbb1af565ad4ac6448eff0850157e5650464bc7
SHA256b7773a65b7d1aa37517264089bfe77b1ac4a3f0772daee1a301170f56a9b1901
SHA512306c3aeca3b7b05caa85b08ba9d6fc3c8ce8fcace7a43294ed45d936e35f2286bc28263b92fe04d942dc8829e548f734b4add1cd808a7e2f8cea21c43a2cf9b3