Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
05-04-2024 04:10
General
-
Target
2024-04-05_d44724f33261799f9af330b50d9779a8_mafia.exe
-
Size
479KB
-
MD5
d44724f33261799f9af330b50d9779a8
-
SHA1
7fd5d2ea8eb2389ab62acca63ce8d59d2c6d813d
-
SHA256
8588f9334456886dc90ea590372cbb02efe8767dde20e2b2a91e5bb08258f206
-
SHA512
ddd54285cb87f0c4beaef0edf569d813f40e86759aaf39e989fb2e384a4db725dbb7362ea071bc436792945e74f96c7ab03346f3b89272fe982f2be557479b7e
-
SSDEEP
6144:b9EyS4oMxIkjxcWqHtg88HARRTxrvMV/ZNbquwq3bjgZ2RJYZTzPFZ75UNY:bO4rfItL8HAbxrvMVZtqupbhuJZ75UO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_d44724f33261799f9af330b50d9779a8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_d44724f33261799f9af330b50d9779a8_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3015.tmp"C:\Users\Admin\AppData\Local\Temp\3015.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-05_d44724f33261799f9af330b50d9779a8_mafia.exe 25A8AF7623700753D68416DF6C2AB9FC06815778288E6F0D1A879EE308B76181C5AABDAC8DBEC5221A11B46AAB996E8C3CFF9F26CF26EC2BA318038B260F4F942⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD55b65ce37ba9dc819f2914dcc2eb66f4d
SHA163bb5413afa7e1b5c0f6911c5ffbe020c477060e
SHA2565ee83b969f1758392ce71faaeb571e2e4f80b94976875874368011a88f265502
SHA512c722839cf819f3df97c471c9e7aa81e1b4494bbd1c2a994e102e13c9d322be253bda32cc3227b6d1c8544884dd2ad5c45630b6f335d7e199ec1f27baa194e23b