Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
14/05/2024, 21:23
General
-
Target
2024-05-14_d305a06025bd11972b1976ec4f44725c_mafia.exe
-
Size
413KB
-
MD5
d305a06025bd11972b1976ec4f44725c
-
SHA1
050f72b1ad36e035c39612a30ee3c913be379515
-
SHA256
89594d0c6fcc14221c50d70b1f2f8756aedeb1da3be18acd3e54ffe649f309d6
-
SHA512
8f4f1d21125f86a92d319d314cf83bfb81d88c661927ad7d669146d56cf22cc2604e8e9f2f6a50abadfd5dfde7692c81515f89ed711d2cc993ce0314f3199075
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFqjNu7lU6vZblAb5zRkJ9iEDPZ4qHg:gZLolhNVyERUlhbKbwvB4qHg
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-14_d305a06025bd11972b1976ec4f44725c_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-14_d305a06025bd11972b1976ec4f44725c_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3930.tmp"C:\Users\Admin\AppData\Local\Temp\3930.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-05-14_d305a06025bd11972b1976ec4f44725c_mafia.exe 8FB6EFCFEA99C7E4B538771017958BBC11FA5C2FBFA4287BD739266A0B97CB748044A0B40C7B65A8E3AD4B8D2C7D90372C15CA3528CF80BA604F2CDBB9FC14FB2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
413KB
MD5e22fe300c50b1474d19f484d05c60cc9
SHA1473eb8fce17afc0c5bc61b6f2d0ad76d53d94329
SHA256824f3640f43b263281504fe6b5c82769b5610a02b5a4910219269577c59aa6d7
SHA512c976875dc833e948d3a2271bd2ff70e210f721f330b8b7fef10eefb15ac99a8ee4be1d628056328f59bd4809b6577ccf3f59056753d5f58597226900f989e3dd