Overview

overview

7

Static

static

3

1be578f64a...JC.exe

windows7-x64

7

1be578f64a...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2023, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1be578f64a3ff9cdf4c08d5c90da1a47_mafia_JC.exe

  • Size

    444KB

  • MD5

    1be578f64a3ff9cdf4c08d5c90da1a47

  • SHA1

    95446c6b6a20d367ee8ae664281bc8ea697cf8b5

  • SHA256

    3d9dff0453f2065ce1e56ff8797bb2497165d9057fb4677b08b0c1922ec9a630

  • SHA512

    288c9c430cc090a0bc83bc22ab5e272db500ae1bf79d3169bee9659accd093c85cbfe8440712804a8b444b846d0fe65c95750b2eb513b0b35583402e62e90a7e

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStYlE6s3eazNnxpClYfBugQZdSGlx7SA:Nb4bZudi79LDlE6s3eazNxpbfowGSA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1be578f64a3ff9cdf4c08d5c90da1a47_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1be578f64a3ff9cdf4c08d5c90da1a47_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Users\Admin\AppData\Local\Temp\77FD.tmp
      "C:\Users\Admin\AppData\Local\Temp\77FD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\1be578f64a3ff9cdf4c08d5c90da1a47_mafia_JC.exe FB73F579CAE8DC66C3856D83C033BE57391EF966BE6DC2507926B15F32E0E0C549BBA53DB0C79712779637B0630F3350651AD6AE0C886131B7AE36A2077FBCE0
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\77FD.tmp
    Filesize

    444KB

    MD5

    fd95e539021c713255c363f1ce781ce0

    SHA1

    944f075292be71ff26721348bda3478823da07ab

    SHA256

    bfcd9df97f35f758680e15ef5ee71e8035ff64f0faa1f6171275d90cebe8e0af

    SHA512

    bf56cfadbf37a27581d885a06fd720a9ee9d20caf0a54ce4ba82951f36d848a96c71003ba821dd1d8b0f6e8f729fcc78069481533180c7752bcb1748bae92a90

    Download Submit

  • \Users\Admin\AppData\Local\Temp\77FD.tmp
    Filesize

    444KB

    MD5

    fd95e539021c713255c363f1ce781ce0

    SHA1

    944f075292be71ff26721348bda3478823da07ab

    SHA256

    bfcd9df97f35f758680e15ef5ee71e8035ff64f0faa1f6171275d90cebe8e0af

    SHA512

    bf56cfadbf37a27581d885a06fd720a9ee9d20caf0a54ce4ba82951f36d848a96c71003ba821dd1d8b0f6e8f729fcc78069481533180c7752bcb1748bae92a90

    Download Submit