Overview

overview

7

Static

static

3

6b80515b69...JC.exe

windows7-x64

7

6b80515b69...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    05-08-2023 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b80515b69e691da62a1bec94f81e980_mafia_JC.exe

  • Size

    384KB

  • MD5

    6b80515b69e691da62a1bec94f81e980

  • SHA1

    d19e1b6ff42121ee476ea85e420f8cd05c6e7a56

  • SHA256

    8e1f576adaabbbe5881e64aa728704a8869db6110c6cf0c8f87316a4ea37d5c8

  • SHA512

    c91252cd634e7a04b043413d001770d015f26bfb4db41d5363e219609020a6367070ee4db2ef163b1ac1198bb7db89677ca85ffeae24e39630be509b0a4498d9

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHSjXubmly17QE3d24vWvAvbYotxYyJZ:Zm48gODxbz0+bmlQ7JrvO0bXYyJZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b80515b69e691da62a1bec94f81e980_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\6b80515b69e691da62a1bec94f81e980_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\8B01.tmp
      "C:\Users\Admin\AppData\Local\Temp\8B01.tmp" --pingC:\Users\Admin\AppData\Local\Temp\6b80515b69e691da62a1bec94f81e980_mafia_JC.exe 66ADB65AFEB589EA5C536676E21316042046670D187987B20BFF9098A098C349AC1BCB53ADBF62506277FB76A3FEB820950A15234CE85BD45C61D3A34F0471CB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8B01.tmp
    Filesize

    384KB

    MD5

    6dd4c12d5daa4c8daeab509e797625ff

    SHA1

    8a03ed6c030874756c12dfae8ccf8f8c8d99e359

    SHA256

    05ed98405a66d3d2f5a112bf6b2769e21bc8d057e215b7ed4125ad630f02fe23

    SHA512

    c430386004dfbdeb57fb356c3ffa709b2c6a9210fc489c298893f9572d504ee6349a9c5bd37fde5987cab64489cad537c068a8fc8e34e95901bea4925ca74a78

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8B01.tmp
    Filesize

    384KB

    MD5

    6dd4c12d5daa4c8daeab509e797625ff

    SHA1

    8a03ed6c030874756c12dfae8ccf8f8c8d99e359

    SHA256

    05ed98405a66d3d2f5a112bf6b2769e21bc8d057e215b7ed4125ad630f02fe23

    SHA512

    c430386004dfbdeb57fb356c3ffa709b2c6a9210fc489c298893f9572d504ee6349a9c5bd37fde5987cab64489cad537c068a8fc8e34e95901bea4925ca74a78

    Download Submit