Overview

overview

7

Static

static

3

30e9180000...JC.exe

windows7-x64

7

30e9180000...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2023, 15:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    30e91800003261c60ae96e5081d45d7d_mafia_JC.exe

  • Size

    443KB

  • MD5

    30e91800003261c60ae96e5081d45d7d

  • SHA1

    b2f116c012af113a60fa8e2ff961903182f4d294

  • SHA256

    bb8150c56e0485457096364631f34c439eacb50f829da67b288a9ee22d34a356

  • SHA512

    4608d2830baa45cc730fc58f08e0c76088c504bdd82cb1683816d159aaa0189ec95213307bb8635f390ff03ef4da3500ce718b3a69db98803d4656942b3701c5

  • SSDEEP

    12288:Wq4w/ekieZgU60enlBGnH+atMZH+W4zLlMa:Wq4w/ekieH6llBGnbk6P

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30e91800003261c60ae96e5081d45d7d_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\30e91800003261c60ae96e5081d45d7d_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:324
    • C:\Users\Admin\AppData\Local\Temp\F815.tmp
      "C:\Users\Admin\AppData\Local\Temp\F815.tmp" --helpC:\Users\Admin\AppData\Local\Temp\30e91800003261c60ae96e5081d45d7d_mafia_JC.exe C9BC63ECC534607BDEF39FA0F2BA71059453318D7BFD371F893FDB796D47A9708D13D8F2FDD16F45319FCC357FE4ADEA6AEFF71E37CDFEF8E639AD6763843B25
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2088

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\F815.tmp
          Filesize

          443KB

          MD5

          fafc1a293940ca249269dcc699832f18

          SHA1

          5338e8c0da213806016fb4c3e30b44905c53c6a2

          SHA256

          f5b0fe85241d5fea652994dc56832d5e154eb8c7759901cd37e74f1f04d1ac65

          SHA512

          2c30271b28a452a218f213b869c82a74d2d8322585421940303bbb815140eb31665502013b1efaec6b9eb482ff81089b66e42a1b7d4bce08ff79219ef2cfe395

          Download Submit

        • \Users\Admin\AppData\Local\Temp\F815.tmp
          Filesize

          443KB

          MD5

          fafc1a293940ca249269dcc699832f18

          SHA1

          5338e8c0da213806016fb4c3e30b44905c53c6a2

          SHA256

          f5b0fe85241d5fea652994dc56832d5e154eb8c7759901cd37e74f1f04d1ac65

          SHA512

          2c30271b28a452a218f213b869c82a74d2d8322585421940303bbb815140eb31665502013b1efaec6b9eb482ff81089b66e42a1b7d4bce08ff79219ef2cfe395

          Download Submit