Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04-04-2024 21:33
General
-
Target
2024-04-04_81800e24954ab65c8e58cccd1462d128_mafia.exe
-
Size
444KB
-
MD5
81800e24954ab65c8e58cccd1462d128
-
SHA1
907453e13c6d0df9b57a7509991ae1a5fb7d78d3
-
SHA256
40cd7beb860d8c925be31c4990ef1f295b1b4ac82954dad1ecead284c6dfc847
-
SHA512
48129214ba3d31d0a49d76d0015a0c54ee00d1ac2243c28bbb827279b34c3667fdac4f9698c0687fffe3fb0cce2d7547ad2eed63de3992788ef9f42d2c839d9c
-
SSDEEP
12288:Nb4bZudi79LWeVoGbYAAeNCthiSY7XkYvSkNTKCSM1A:Nb4bcdkLfbYp8CSSYgYvRhKC
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-04_81800e24954ab65c8e58cccd1462d128_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-04_81800e24954ab65c8e58cccd1462d128_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\73F8.tmp"C:\Users\Admin\AppData\Local\Temp\73F8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-04_81800e24954ab65c8e58cccd1462d128_mafia.exe 695B9FA645F541F2723586D8C3A599D6699BAA9098FCB7AA865DF691406D6858A26B2E97D83F4183813849ECD4FA4B8AFEDF6087A2ECAF52F3845586499753E02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5d74f45672529b10654d8196b8640a606
SHA11ae32af1f73ad9f7b3ede00c2e733bd2d7f34145
SHA2567dd08e6424397cf64ec7e80b0be7d5875ae85892e7fd9c7b17cda0f1e2d6c1b3
SHA5127c2605d8a17d8f8c0e035478d1ffa8ce7507e7e4ae503b2c90463b370d942934917c11e5386a7abc5e24f1bf6bef0f9fb95ada3fdec23581069bb1f602df5e26