Overview

overview

7

Static

static

3

789663544c...JC.exe

windows7-x64

7

789663544c...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2023, 16:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    789663544c0dd101137d5a96977cb23b_mafia_JC.exe

  • Size

    444KB

  • MD5

    789663544c0dd101137d5a96977cb23b

  • SHA1

    ec60185f73543854ab8796679285ebbdb6b266a3

  • SHA256

    2d7eb07e4b2bd611d108a3bd45b4c5137afee51453a7d747f4aadb2a2c69bb19

  • SHA512

    f9dd260ecfdbf18a52be4a6a40597ee81a459684afac4d5bc3e42f172941daae35b9011cba2d65426513ec5efe3d7453eb0a1b2ae38114f9216d8ffb5ed9ce00

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStahx0gsXr8RaKOJoGAr91UW9+kLkAa3vSF+N:Nb4bZudi79LJsO3XUW9Da3KEpmccA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789663544c0dd101137d5a96977cb23b_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\789663544c0dd101137d5a96977cb23b_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\8D13.tmp
      "C:\Users\Admin\AppData\Local\Temp\8D13.tmp" --helpC:\Users\Admin\AppData\Local\Temp\789663544c0dd101137d5a96977cb23b_mafia_JC.exe 518347347E8BCA616C6EFFE8AECEACDD971BE352BD207952D59AEBC102C89AC0BCB6DA7B78C32FDD44ECA4351F130EC0FF3AD234257B58090ECF7EBE35321B77
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2192

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8D13.tmp
          Filesize

          444KB

          MD5

          fcc62e0241b25e2ad465fd9035a51faa

          SHA1

          6c6634cd7136227f4b04320f51465f50970c24ea

          SHA256

          7fb5771297aef3cfe4e089cb4d6066083e0e1ea5fdf1b4ff22a0238f1a030ab2

          SHA512

          e89e2a8333f4c4efb2fd5891fd638b20647de0e0c0388b78c023e52c52acecfdd592295ecaae9196ef6e4cbae4f4a2faa189d3f51a6e080cb1c05e0d00de09cc

          Download Submit

        • \Users\Admin\AppData\Local\Temp\8D13.tmp
          Filesize

          444KB

          MD5

          fcc62e0241b25e2ad465fd9035a51faa

          SHA1

          6c6634cd7136227f4b04320f51465f50970c24ea

          SHA256

          7fb5771297aef3cfe4e089cb4d6066083e0e1ea5fdf1b4ff22a0238f1a030ab2

          SHA512

          e89e2a8333f4c4efb2fd5891fd638b20647de0e0c0388b78c023e52c52acecfdd592295ecaae9196ef6e4cbae4f4a2faa189d3f51a6e080cb1c05e0d00de09cc

          Download Submit