Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
20-04-2024 01:04
General
-
Target
2024-04-20_ac5901c55eba16ba917f9ffdbf34ec66_mafia.exe
-
Size
433KB
-
MD5
ac5901c55eba16ba917f9ffdbf34ec66
-
SHA1
7705ef83634d6649d8b2e7922d136ed9cd268016
-
SHA256
6207b767eacdefefaaa90bf58395bc64174cb4bb43720b08ecd9a1136d54da2f
-
SHA512
7dda5454852e457730da84c030f3757a84c4e0b8b0f5190f2614756e6123cea0f2c6fe7721d00c18558a8c74acca4fae619465cab790ee7c5773de8df03bb700
-
SSDEEP
12288:Ci4g+yU+0pAiv+ZxAAatgOxtVy1EtfKogdVFn:Ci4gXn0pD+ZxMtdxt01EGz
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-20_ac5901c55eba16ba917f9ffdbf34ec66_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-20_ac5901c55eba16ba917f9ffdbf34ec66_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\879.tmp"C:\Users\Admin\AppData\Local\Temp\879.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-20_ac5901c55eba16ba917f9ffdbf34ec66_mafia.exe 0F8B6E2E0B3604183030CCB24F9717C898D53BF016FF6D27B7EF04D239DC9CD707982F96792381FAB7B664F09B72488C5512E0E48119C31E3A49D4FFE9B106172⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
433KB
MD5f1bb84fa6f185f7ef07fd8460be1e65b
SHA15b8d67dd270e1b43fd7a69099ddf6b2f45dc918c
SHA2568ac9dab119c9fcb9db88598b5d2441686dce376ac2cc80b9e195b87e8cc5b44e
SHA51271c954ee009644232528a8b8a236c6040e0fb904dab60a1b1732a7ae145b782362fa89190f48ac57281d8e2ae8fe31bea386284ad24e9e173a3e858fc6b46235