Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-03-2024 17:41
General
-
Target
2024-03-29_6f889a979609a912d453606fa66deb40_mafia.exe
-
Size
435KB
-
MD5
6f889a979609a912d453606fa66deb40
-
SHA1
e9ce4c7ef1cef966b18ed6b5a408ca8417eb5fb1
-
SHA256
1d86c0f6a70f2748c80b13e8017c74af5f239b6a5d014246f6da34f025ff583e
-
SHA512
cc31bcc6160344278342aafd21cafe6875c3b240a12e5fc7fd3cc875be2d24f4550aaf4f407bd2ac2ad7b49be38a1d5f40685e84726c04eaac32863d0544f030
-
SSDEEP
12288:fd4x+ePixnXQjWCMJsx8dSGpO26dF8B7jSyrdowP:fd4x+ePixAjWdsgSGwbdFQ7m
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_6f889a979609a912d453606fa66deb40_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_6f889a979609a912d453606fa66deb40_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\558F.tmp"C:\Users\Admin\AppData\Local\Temp\558F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-29_6f889a979609a912d453606fa66deb40_mafia.exe 0E5394A93A78ABC22C1F860EF59F522B03EB6E9BF0CE75EE1AFACB392D3BC8470B2FF26970E7B7DDBC3C0F1F76FFD43396997CE8FFFAF6D78813E90E31932B0C2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD575f6067e9e95bbb6507bf0f55b289ea5
SHA1f7eef47ee23583ae100ac868c0f28c553eb08d1b
SHA2563949aa2cb16df16f1a528ab7e6a6c4433758467d1216ee238dedde8edfef1030
SHA51224647c4b80fccca624ab0ec43bd17236e7c16055ef435bf999054b5fa838ec36e1844eba0cf5860abc9711fbf8f9cb8b9b78ddbe7a12cc422e741acc78d53285