Overview

overview

7

Static

static

3

5863c71c75...JC.exe

windows7-x64

7

5863c71c75...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-08-2023 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5863c71c75b1083b72c9737ae33fdbeb_mafia_JC.exe

  • Size

    384KB

  • MD5

    5863c71c75b1083b72c9737ae33fdbeb

  • SHA1

    07e6a2d5155d8095fcf5ff64391bda79d3df27e3

  • SHA256

    926072f24c767c038d2e5bff9cd3e4cfcffb55f8abeb4457739334fe3cb313c2

  • SHA512

    333d66184e7dc9936f80ff3f50195f2ecc6396ce5bd5a662e13344d32cdf060be6c9045667663be2d4a3bbf2cd5c96e84851896e11ef1f89ca266500c1d06761

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHiqJABS0qP6r4XA0RpqNE+ixPmzF+2Z:Zm48gODxbzg+8r4XA0RpqWS1Z

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5863c71c75b1083b72c9737ae33fdbeb_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\5863c71c75b1083b72c9737ae33fdbeb_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\78CA.tmp
      "C:\Users\Admin\AppData\Local\Temp\78CA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\5863c71c75b1083b72c9737ae33fdbeb_mafia_JC.exe 653E75A71C3D62DC6EF02DD70FB20AB38BB280DE6A3A9CDC2323AC1700009133065014D6651D5F1BF68D766EA57FFE59AEFBD369FD64014FAFF47975921AA8E3
      2⤵
      • Executes dropped EXE
      PID:3696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\78CA.tmp
    Filesize

    384KB

    MD5

    7cff2297c9d36fc25761fcaa81d05b05

    SHA1

    51ef2e8cc010a577d611216d77780ab9e5fe53c1

    SHA256

    c41e54b4c99479c485fb139eff709c3c61c15df215a5591ae40ef3fa4ce7f179

    SHA512

    ffb74fb3e7ffb1a2d08383adf40731ec285d291756908d5e67858538c531c55b13159a3efd134679f5773b07fb7678cee852a6f1dd7b7c1791a2147dcc1d0c61

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\78CA.tmp
    Filesize

    384KB

    MD5

    7cff2297c9d36fc25761fcaa81d05b05

    SHA1

    51ef2e8cc010a577d611216d77780ab9e5fe53c1

    SHA256

    c41e54b4c99479c485fb139eff709c3c61c15df215a5591ae40ef3fa4ce7f179

    SHA512

    ffb74fb3e7ffb1a2d08383adf40731ec285d291756908d5e67858538c531c55b13159a3efd134679f5773b07fb7678cee852a6f1dd7b7c1791a2147dcc1d0c61

    Download Submit