Analysis
-
max time kernel
147s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/04/2024, 12:47
General
-
Target
2024-04-08_b5b9e32fbdd2b7ab40d73cd0f43d5e43_mafia.exe
-
Size
486KB
-
MD5
b5b9e32fbdd2b7ab40d73cd0f43d5e43
-
SHA1
bd89d37ba10cacc440fe44dd4fa3138f797d0486
-
SHA256
dbe9d7333a3e7a77bde77498128283a7b4b463ec8d07700a5be348818ce0089c
-
SHA512
d1435aeb48656a2018cbd49f5c842ac0660e2f3ea188f639eb742fa9a8ef9b449ef4bea23d5ab1e3fd58c54b32b4961b1c34bb253991a5e0525d3a2c3b3d45ac
-
SSDEEP
12288:3O4rfItL8HPSwAal872JwkZG67rKxUYXhW:3O4rQtGPSS+SXG63KxUYXhW
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_b5b9e32fbdd2b7ab40d73cd0f43d5e43_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_b5b9e32fbdd2b7ab40d73cd0f43d5e43_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6273.tmp"C:\Users\Admin\AppData\Local\Temp\6273.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-08_b5b9e32fbdd2b7ab40d73cd0f43d5e43_mafia.exe 23447E3F6EA4BDA5E3E7C2B95869DD7813ECFE2F4A3F81049AF523B22DA9C127BE09D25F6B32C2A4F77A23157C9544D6C6D01B8F6C01214D5A0CEBE419857A242⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
486KB
MD5b5785734807539d3ac0b355ec5559427
SHA17c8f8a7062890d9f3a25afab4f8be76ee787fad6
SHA256c953b59afbfe699b262cb2771af61a03a415488ccdbd3203b4e1b202160fd2c3
SHA5120dbd4be4f88e51f57531295ce8521c752c2e19a6a334bbcc9a54f974adb4b3e9da4f894c1fc6a661bdbb618577840e394a2fc5338f2b0f1da5651322fc6fea73