Overview

overview

7

Static

static

3

453bd3b84c...JC.exe

windows7-x64

7

453bd3b84c...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2023 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    453bd3b84c40472237574e0e446c2c79_mafia_JC.exe

  • Size

    412KB

  • MD5

    453bd3b84c40472237574e0e446c2c79

  • SHA1

    40a7670e11e7335bba033fdc046554b3469f70e5

  • SHA256

    cd4495dfa3959a36bf633b238b485fed1667959b8d9ff9eb862efd40cfcc6e97

  • SHA512

    39a602a71ba8635882ab0ff900bc26758ec9b04fd6c5d0729e8a15d3a7e52222260d5e2d6250bd9f9b2ea9f4195f332c75c650741ad2385742753c461444d498

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZnJ6DZggohFLlVrV9KHnBnLh2LIKQSbP:U6PCrIc9kph5mgFhdHqBn92Eeb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\453bd3b84c40472237574e0e446c2c79_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\453bd3b84c40472237574e0e446c2c79_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\6FF2.tmp
      "C:\Users\Admin\AppData\Local\Temp\6FF2.tmp" --pingC:\Users\Admin\AppData\Local\Temp\453bd3b84c40472237574e0e446c2c79_mafia_JC.exe A5E51BE6A88CA97B8CA067925A0B669A6CE6B778A93EB01873B440AE0BE1AB0BD429C65927E0BCF763C8BB1787D4A66398EA08D191E531E3179D15BF56BC597B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6FF2.tmp
    Filesize

    412KB

    MD5

    af5eb1ba249000dfa07fe41d02043263

    SHA1

    ca3e809dd9010530af9226589597478645e091da

    SHA256

    348fc1858ae293383370c2c42100216cc1db3fdef16506635c779d7d9d55a49a

    SHA512

    31270022c3295ca7fd9eb972ffbf6e4391f2a1ac92b792ba8779fe0d28fcea7a6e12f9be3e67e8dc97baa486bd85f500a39e99ae8a154bc6bf652aca5eed1d7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\6FF2.tmp
    Filesize

    412KB

    MD5

    af5eb1ba249000dfa07fe41d02043263

    SHA1

    ca3e809dd9010530af9226589597478645e091da

    SHA256

    348fc1858ae293383370c2c42100216cc1db3fdef16506635c779d7d9d55a49a

    SHA512

    31270022c3295ca7fd9eb972ffbf6e4391f2a1ac92b792ba8779fe0d28fcea7a6e12f9be3e67e8dc97baa486bd85f500a39e99ae8a154bc6bf652aca5eed1d7f

    Download Submit