Overview

overview

7

Static

static

3

02ecd5c35b...JC.exe

windows7-x64

7

02ecd5c35b...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    15-08-2023 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02ecd5c35b087779a92f0ea0a6cb0107_mafia_JC.exe

  • Size

    414KB

  • MD5

    02ecd5c35b087779a92f0ea0a6cb0107

  • SHA1

    76b04cb89e3f88f15f40a030505f1d6950fb4bd7

  • SHA256

    911d0e99951bdb05964724082b170a03f260519a8219395beef3e4d8c56f7d5a

  • SHA512

    43411b3da860125785330338196c727614e15ac9ca236978cfbf55a7ffe669f8ee63a865a833ad9f4646930c76f9a477efbfff00d73799050fba933ab574fb3e

  • SSDEEP

    12288:Wq4w/ekieZgU6vjw8Lb9gkcGlCnjuuVvgHl:Wq4w/ekieH6v08NgRwCjLY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02ecd5c35b087779a92f0ea0a6cb0107_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\02ecd5c35b087779a92f0ea0a6cb0107_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\8353.tmp
      "C:\Users\Admin\AppData\Local\Temp\8353.tmp" --helpC:\Users\Admin\AppData\Local\Temp\02ecd5c35b087779a92f0ea0a6cb0107_mafia_JC.exe AF3EB5AF5826F18597E077752DF5F387D9889C3CDB9E0FAFF35777BBF3D60263C6660B6CBE282C6B6103BDD8BC2997D289CB69A3A6595E8F1740EC962677780D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8353.tmp
    Filesize

    414KB

    MD5

    e6939aedbafd9ac348a3c2d6d752a598

    SHA1

    bf7e441afc29eabaaef0815a8676bfcbd90e45a0

    SHA256

    a3d89618ccd3cb3b9dc5406c6befe9b58a81560362dd9c500901ea30b98d0f63

    SHA512

    5b4cf6abad565b95204906d2aeca7b72b8b8e416ea59c6692b902c6f3655e8adc2f6a8d6adf08f2aa28ff88114fcbaee34a88f42aa35af77ad1d26ed632f3643

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8353.tmp
    Filesize

    414KB

    MD5

    e6939aedbafd9ac348a3c2d6d752a598

    SHA1

    bf7e441afc29eabaaef0815a8676bfcbd90e45a0

    SHA256

    a3d89618ccd3cb3b9dc5406c6befe9b58a81560362dd9c500901ea30b98d0f63

    SHA512

    5b4cf6abad565b95204906d2aeca7b72b8b8e416ea59c6692b902c6f3655e8adc2f6a8d6adf08f2aa28ff88114fcbaee34a88f42aa35af77ad1d26ed632f3643

    Download Submit