Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
09-04-2024 04:05
General
-
Target
2024-04-09_8ebef6713458c9485e538f797a0158d9_mafia.exe
-
Size
435KB
-
MD5
8ebef6713458c9485e538f797a0158d9
-
SHA1
26969e44ff41f218d158c7060f72bc88054f4b27
-
SHA256
a74729ef9241d3ac4f41ef2033664abb25c592c5c95625e0440efa1ddaad71af
-
SHA512
ea9ed746f7f262f5b6a5452f92512d7c58061748c97d66ecbb9e66c21d91b7bdb1e21b12655bf67805f277febb779295aca8f1f799e04487976777b2aab51958
-
SSDEEP
12288:fd4x+ePixnXQjS+v4hFSsw0Qutri3ovwP:fd4x+ePixAj6hFzgov
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_8ebef6713458c9485e538f797a0158d9_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_8ebef6713458c9485e538f797a0158d9_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1767.tmp"C:\Users\Admin\AppData\Local\Temp\1767.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-09_8ebef6713458c9485e538f797a0158d9_mafia.exe 5F46B02AF2C94FE3311979BC8B159603C207BF135C92AB03A2302866F1D3D84CE54883B578A5926703A7754BFA73B73D3A75B91CA36C7370032D87CD023370BE2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD55ceb8f2519f371a1bf4ce94afa7d2082
SHA1ad54b104a84d81335f332dff379b5dd22e520862
SHA256a68b68bcce8502746b298a746c2c815b7cbe2f85bb250cda4bcaca55441c44fa
SHA5125199c6c6aff4229b2869232f36fc2d45d02765d5800d1d739e30861226b690ea759000a7d0ae7190fbd58dfb7debdf598ac3723dad295469685192f5dbc531b8