Overview

overview

7

Static

static

3

4842557970...JC.exe

windows7-x64

7

4842557970...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    03/08/2023, 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4842557970d9bd0a73e6fc4824c0ba6d_mafia_JC.exe

  • Size

    414KB

  • MD5

    4842557970d9bd0a73e6fc4824c0ba6d

  • SHA1

    11de60cdd397c7d7449e4a844c87d6cc1933a032

  • SHA256

    6bfc47c1a6abaaa9f3cf6ddee9fccd9db65ad7d68dbb0b03558782353630bef0

  • SHA512

    f8769e39e47f5c487aecc353ad05d832d40bfd0c0699bbcc26474ec5ee06480aec8bc21a14d07abd28ded441ad7e9b8540cddf944e94a0b5f87358db3e9cb50b

  • SSDEEP

    6144:Wucyz4obQmKkWb6ekie+ogU6BYzCPkCDit97GVY28HO+VmhdKwQcLS+iq7FMDlx:Wq4w/ekieZgU6YCHetgKlmKvcLFFilx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4842557970d9bd0a73e6fc4824c0ba6d_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4842557970d9bd0a73e6fc4824c0ba6d_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\74B3.tmp
      "C:\Users\Admin\AppData\Local\Temp\74B3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\4842557970d9bd0a73e6fc4824c0ba6d_mafia_JC.exe 3DDEE8FFD2CE97827B723399BE518BBD06C65730FE698924C0E0B0A79D1BD5335451282268748AD414891E10090F8834D2BEA1251A0CFF95F21312A088DE3B10
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\74B3.tmp
    Filesize

    414KB

    MD5

    e8530d5cb429a417c261f6c29786f930

    SHA1

    2a2ab2dcc96304c2be3a1e7818c8263ac71b680c

    SHA256

    5babc8f9d5a41dc78ae59de673b013ae500ca8c8c97973b11b90baa9f4e73f13

    SHA512

    e8bf1ae32705a38a6626956e76b88896e0f57869b091da7dc4e091ffbd331745951bb723a6becc400fe39e538d506461ce187df6dbd25daee8b7e38e5b6e7f4d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\74B3.tmp
    Filesize

    414KB

    MD5

    e8530d5cb429a417c261f6c29786f930

    SHA1

    2a2ab2dcc96304c2be3a1e7818c8263ac71b680c

    SHA256

    5babc8f9d5a41dc78ae59de673b013ae500ca8c8c97973b11b90baa9f4e73f13

    SHA512

    e8bf1ae32705a38a6626956e76b88896e0f57869b091da7dc4e091ffbd331745951bb723a6becc400fe39e538d506461ce187df6dbd25daee8b7e38e5b6e7f4d

    Download Submit