Analysis
-
max time kernel
90s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
28-03-2024 04:14
General
-
Target
2024-03-28_ee704322f589481888f239cd10bef34a_mafia.exe
-
Size
435KB
-
MD5
ee704322f589481888f239cd10bef34a
-
SHA1
4fd91f44892203b100d2b0dad400dc6be2e8e761
-
SHA256
2ecd05b8597b99b4048b5702c3ba11ad57e5282791d183a5daf8277fa30aad73
-
SHA512
bf21f0813beea49d235d2ccdb5e657f8bb87f2901809005eece645e1cc86b478f4db1efbfe0e69e027b0d5a66e43a06b90cdefd08ac490d576d5f1f10a53aad7
-
SSDEEP
6144:fJvyW4ojUnQjx4qePix+qXQjBYe+wQKQhX8TzLwMD3bekKJXc/sObY9z0NrXw9J:fd4x+ePixnXQjcAQp8TPekKJMUOxxwP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_ee704322f589481888f239cd10bef34a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_ee704322f589481888f239cd10bef34a_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4844.tmp"C:\Users\Admin\AppData\Local\Temp\4844.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_ee704322f589481888f239cd10bef34a_mafia.exe 3D4B16AB3314D4F59036C0FD66FC3B23570DD4E0F70A5FED80F4E02B45A505ECD0CB6F3385C3D0A56231833A854A74D5464B1CFD7540AFD7ECE34EBBEC7EC0842⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD59e18bddc58b1a8484a53f2ce5a5f57c2
SHA1f6e9edd65e50a6e495275d22795d59fbf5c7dfb1
SHA2565df4ba7067d3bf7e05555e807dac2d9dd8d4b29d6387916bba5c6cb1faee7a1f
SHA512650098b699419a4275a5afe50a5a86e4b4f8e844cfde9c741a6405dc8310f73120981f254b03bb86b79cff1394d0d167efd060c8878726728aedfa4dfd3f15d4