35837ab71908a9a0f2e2aa354f24861021040cdf5af1cb9f4f25b1bc8a1c2b23

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 17:44

Target

2024-05-03_044d9f46e11f39e1fbe232806dfba424_mafia.exe
Size

2.1MB
MD5

044d9f46e11f39e1fbe232806dfba424
SHA1

569ad5b35f5760456d64aedf5b88239478527de5
SHA256

35837ab71908a9a0f2e2aa354f24861021040cdf5af1cb9f4f25b1bc8a1c2b23
SHA512

c53000e2615aed57cd565464c49009e6e57844de76a3900ca3eaafddf07ccce89b7409117e4038424a09b2ddd3704ee4b7b61c7cd344bc2173da4bd121c04e3d
SSDEEP

24576:7H2+ecjUcmFV2r7YTjNwlIbUp3dsOzlFZAl5pDODRqAHCwXxXml4iAChD8N01CSO:ScUhV2rawlbptshFAHmSpRSg6Z8Qqv

Score

7^/10

discovery

Loads dropped DLL 1 IoCs

pid	Process
1936	2024-05-03_044d9f46e11f39e1fbe232806dfba424_mafia.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1936	2024-05-03_044d9f46e11f39e1fbe232806dfba424_mafia.exe
1936	2024-05-03_044d9f46e11f39e1fbe232806dfba424_mafia.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\del.dll

Filesize
1.0MB

MD5
23de30293757c5ec4c2eb81bd9c02190

SHA1
69061c651393feee2160d351b936d2eb7cc053d6

SHA256
f1210e662e27294eefe6157eb8b37f955b741f2e9a4e10124428548e50b571f2

SHA512
3987170bac63518f620f470abc54fc2e4206e361846bdcb0332b509213991ca46dee98b073b62eb8d90a070d36de7a519d17c60ebc6c8969b8c3c1dd8a104d87

Download Submit
memory/1936-5-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download