Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22-04-2024 21:43
General
-
Target
2024-04-22_b9f901d26cf6cdedeeb6c66b4fb49d11_mafia.exe
-
Size
473KB
-
MD5
b9f901d26cf6cdedeeb6c66b4fb49d11
-
SHA1
d573dab2e89c77e7e877466bb19ff72a3d3e334b
-
SHA256
16e59e7e85774d934231e767fad8578abb4ab7e77008b057726610a072a206a6
-
SHA512
caf47d0dad6de62beb0a1961a95642d63b34a6b1e10f31b00532c3816d30340f2229b5c4d1b907ce833878ffe2cc23876f390caf31135cb97bbf94bea28a93f3
-
SSDEEP
12288:Nb4bZudi79Lg/FvT73+s4jFEGjv7hW3EA0a:Nb4bcdkLg/d+sAFEGT7cP
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-22_b9f901d26cf6cdedeeb6c66b4fb49d11_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-22_b9f901d26cf6cdedeeb6c66b4fb49d11_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3009.tmp"C:\Users\Admin\AppData\Local\Temp\3009.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-22_b9f901d26cf6cdedeeb6c66b4fb49d11_mafia.exe C1CC1C2DFCA648BA831AB030EF8AC4C2C663FC65E34F9020DF547830E5B3FCD09DB90AAEDB0C6D70C2A1D27D535E0C21A98D6257525AFB7BC595DDC8C2943CED2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473KB
MD5f18e80a68bc78746b83b71329f9dc40d
SHA1235501279b9794cbb4fd4bb9c39149cb9a5903c0
SHA256f29f53c49d58e8a81a01afa79474cf1d8268faddf5a5b3129cf7c03da1d6fc66
SHA512e62b689302488f8cd81e33d0b43f21af68b14bac9a7fcd58eb34157df7fc76ba374636b0748afbd587d1c6cde5b7f81563a0729b28a6fbb4c19221b96b2cf94c