Overview

overview

7

Static

static

3

0f0b6efcd3...JC.exe

windows7-x64

7

0f0b6efcd3...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2023 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f0b6efcd3a16c3b3c8eb3db527e105d_mafia_JC.exe

  • Size

    412KB

  • MD5

    0f0b6efcd3a16c3b3c8eb3db527e105d

  • SHA1

    24e8364e0215bbf2734cdf72f810b3fde7b67f18

  • SHA256

    23a3c67cfa871df2bf7cdee2695b8d93305bc88eb37a40348d05a4e31752338f

  • SHA512

    490ecbc59dc2f243125ff731f2c7ef497e7b86f2b94bf6b33e1f49a77b1db8d265c6b39daff679d15a0432c93dae7cc957f662ab301299170a19fc5c0d6f751f

  • SSDEEP

    12288:U6PCrIc9kph5a0RSyMxnaKEtyPf0mPmv:U6QIcOh5a0DbNtG

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f0b6efcd3a16c3b3c8eb3db527e105d_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0f0b6efcd3a16c3b3c8eb3db527e105d_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Users\Admin\AppData\Local\Temp\C590.tmp
      "C:\Users\Admin\AppData\Local\Temp\C590.tmp" --pingC:\Users\Admin\AppData\Local\Temp\0f0b6efcd3a16c3b3c8eb3db527e105d_mafia_JC.exe E5A508A288B2166502513C81919BA09541F39D30321F57B7A4C6C7749BC550D646435B4FE75426549A281093CD1876919D76CD40C69EFBD52DFB9967299F5440
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C590.tmp
    Filesize

    412KB

    MD5

    8ade892b8c920fc37eb5e18daa704bc0

    SHA1

    51a785bdc9e4b16e1233a0857d60aa65316a3fe3

    SHA256

    3e008cac6a01042eec9095ce0c2febc144015652946f19afb13f5c84594fbcf4

    SHA512

    c151ccea20bf7d9212125868105855db93282113dca8c734c172b926b3b578f1cb28bc64f5d106fb2fdc228652476b9e8b6b17c66de4c8387e48c6448db7e992

    Download Submit

  • \Users\Admin\AppData\Local\Temp\C590.tmp
    Filesize

    412KB

    MD5

    8ade892b8c920fc37eb5e18daa704bc0

    SHA1

    51a785bdc9e4b16e1233a0857d60aa65316a3fe3

    SHA256

    3e008cac6a01042eec9095ce0c2febc144015652946f19afb13f5c84594fbcf4

    SHA512

    c151ccea20bf7d9212125868105855db93282113dca8c734c172b926b3b578f1cb28bc64f5d106fb2fdc228652476b9e8b6b17c66de4c8387e48c6448db7e992

    Download Submit