Overview

overview

7

Static

static

3

911d866eca...JC.exe

windows7-x64

7

911d866eca...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2023, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    911d866eca7dde3b5f0ee003dfe213a6_mafia_JC.exe

  • Size

    412KB

  • MD5

    911d866eca7dde3b5f0ee003dfe213a6

  • SHA1

    82edbfc92602983d1fca5a227b78c953c886af89

  • SHA256

    6399ad85c2db9bf83240b086ac6d1e98b26ef3086eee63cb585fb44d5f722580

  • SHA512

    f58fbbc54d2253af6389fe16812cda1bca5bb3bb68b65a1a938da903770c9c3084e6df3058687dd70b148080b6ddb5fcaac4e993e51075586f3facfce1cb263a

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZnVQRJoQS3CUwBHkckUoYueO9QdiOLcDxRtP6P:U6PCrIc9kph5zQkwBEckIdiOYBi

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\911d866eca7dde3b5f0ee003dfe213a6_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\911d866eca7dde3b5f0ee003dfe213a6_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Users\Admin\AppData\Local\Temp\A894.tmp
      "C:\Users\Admin\AppData\Local\Temp\A894.tmp" --pingC:\Users\Admin\AppData\Local\Temp\911d866eca7dde3b5f0ee003dfe213a6_mafia_JC.exe C00B7AC4335BEFE675E6D9968C7F93F27A3FC4DAA723AE8D9E6193AED47D422892BA3C4298805D97DE4A98BF9F882284311773FB384B754CD66495EC600C3D8F
      2⤵
      • Executes dropped EXE
      PID:660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A894.tmp
    Filesize

    412KB

    MD5

    582332ed5b6669cdc72558f7ebd9bd66

    SHA1

    643954c9468c558d8a6937467e078865cb5c5149

    SHA256

    825317ef167229c6af5a6f16e24702180699eef5e17351973dd5a92f018bdc23

    SHA512

    4febad2f397187628577b5bd668fd24904c67317584be00ff4793cad6a7c5d97632e26437f0a0c901c8f8c752b10953b8168d00e5f9fbdaa97ad862539bfb692

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\A894.tmp
    Filesize

    412KB

    MD5

    582332ed5b6669cdc72558f7ebd9bd66

    SHA1

    643954c9468c558d8a6937467e078865cb5c5149

    SHA256

    825317ef167229c6af5a6f16e24702180699eef5e17351973dd5a92f018bdc23

    SHA512

    4febad2f397187628577b5bd668fd24904c67317584be00ff4793cad6a7c5d97632e26437f0a0c901c8f8c752b10953b8168d00e5f9fbdaa97ad862539bfb692

    Download Submit