Analysis
-
max time kernel
132s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
05/05/2024, 05:45
General
-
Target
2024-05-05_de1dcedd77233076563373bddb48416c_mafia.exe
-
Size
428KB
-
MD5
de1dcedd77233076563373bddb48416c
-
SHA1
44c46bf9696e3ca21909ce1441b0766ba722054f
-
SHA256
a782419401dcb5f63fd29dfd33477bd7848047b662cd7d2e2ee303969bcd19be
-
SHA512
e1bbc0b72907d7251ca5c322f6332fca27690a9ffebf23f3c56f3afadff30fec4447de42fdb1415c8e44327dccec22ef58071d58c3ce5bcc0e7e54d65f190112
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFh0IOE9MU6Xq74XJSKLJ5to1bW8Qr+mhIaTWUqHR:gZLolhNVyETs61SKi9ZYrAUqHR
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-05_de1dcedd77233076563373bddb48416c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-05_de1dcedd77233076563373bddb48416c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\421A.tmp"C:\Users\Admin\AppData\Local\Temp\421A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-05-05_de1dcedd77233076563373bddb48416c_mafia.exe 8C3FE579FB507DAD7985ED015CB73D25DE6BB2DE6FBBC8F19A223262E52CD424F09AC1BF2F1E81D2C8DFD82CDAF27A29DE24419F7BB708B6D7B4672558BE8AFC2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
428KB
MD5680333b8f7b85c0ef3d6f0e10c95114c
SHA16da26eb33010ffc8d17c27cb811707eb1e8919df
SHA25646422060a0b800bc05c3c99658ee6d4c46e2985e5194d10df7445ff2daba6551
SHA512c7fba5bf7a8c784807c4306b583b19fd7242cd9620402a2267343e5c953b4fd9d86f0b8f8246469ee9e387784f7ce9de50d676cc22f65ec1d24d507ee7be145e