Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-05-2024 06:23

General

  • Target

    2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe

  • Size

    413KB

  • MD5

    19d8cc49328e94f2b04449478e2e15e1

  • SHA1

    c4c9af9722775f5601dd56bf769af1cb8d18e6df

  • SHA256

    5c4717a700462d20912f63494694671eb77953ddae2ec4496551cd07074a8a29

  • SHA512

    8fb0908ca53a8cf5e58fe40545e64f11f852fa1237cd250d68ff0e8c632cbada33b43360d7393e0421eda86c632663583b96a3c05b758b1f30580c6b0aa56e1b

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFBqeBLtK2fRFZ0q+jTBBvOZMBT2P9mfLTdOYxZqHg:gZLolhNVyEiBU2/ZB+jSZMpwYxZqHg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\77CF.tmp
      "C:\Users\Admin\AppData\Local\Temp\77CF.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-05-05_19d8cc49328e94f2b04449478e2e15e1_mafia.exe 1EDDD5BBEB7ED639C756950CF6AC62A8791D8883480EC3FB27BFC15F028F753B00AC2A6AB0C7824A2EB86217311BA1E741A8D5FA8C07939FAF392E8E15D34114
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2080

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\77CF.tmp

    Filesize

    413KB

    MD5

    1401564a0322daa4ab2eec7451857f6a

    SHA1

    678f98c01b29d4cca901dc731c41b192e1d06088

    SHA256

    d197bc636d4980fbc47c03b23fec41fbe4003e86f14a1d67add2a9c1d4bb450f

    SHA512

    4d34e1a84209cbbc241e1705fa9c59625b07293ec52f6e3e0451aad9f87ec74edcc27e9c117f8176dba442a239d114f994f388e2417cb650505b70bebf90e7bd