Overview

overview

7

Static

static

3

2023-08-26...JC.exe

windows7-x64

7

2023-08-26...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2023, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-26_f6d67a95ba885012fc3718700addc6da_mafia_JC.exe

  • Size

    473KB

  • MD5

    f6d67a95ba885012fc3718700addc6da

  • SHA1

    d60ddaf71510410bda1dc1d7f7814ffc97bb2a9a

  • SHA256

    951891b6d4dd3e2ff6f1a9dd65d35f047de4205e689593de4a9eab3bcd56c12c

  • SHA512

    125599573bf8f8c621e3f733fa57cc41a7ae36ea99abf104d1cf3ba3b589f586216d8d6624ec9bdbd3c71c0b87fe7e3e4f0634a7d4532a579e5e7c01b91e3e04

  • SSDEEP

    12288:Nb4bZudi79LA8yZpSDyCpO6zcyC69PA0a:Nb4bcdkL9yZKwvH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_f6d67a95ba885012fc3718700addc6da_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-26_f6d67a95ba885012fc3718700addc6da_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\4376.tmp
      "C:\Users\Admin\AppData\Local\Temp\4376.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2023-08-26_f6d67a95ba885012fc3718700addc6da_mafia_JC.exe BA067B2265C7F5FD197EF5CF564C6B979432DBCB39EBF318183154117FBF73556469CB1984AEB4DA87734494DF1DCBEAD2D4C426B2543DEDC23F170BC03DFC52
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4376.tmp
    Filesize

    473KB

    MD5

    fc8a601363cb656352ede69685fb4d7d

    SHA1

    761157c7eab3577f54f13c9d71973d20c33f03a4

    SHA256

    31c23cef1f3e81bfa8b7014dd99ce59a2fb2490c3e72e3fe92e3b24d1313007d

    SHA512

    af418298f65e234d81b72bc99f7e3a04c6d4d11e9f613f9ab3e4d2375174fa50d01bddb6f742cf06c074c99f1e317323d01f67a145a8d87aced5376b46df0e04

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4376.tmp
    Filesize

    473KB

    MD5

    fc8a601363cb656352ede69685fb4d7d

    SHA1

    761157c7eab3577f54f13c9d71973d20c33f03a4

    SHA256

    31c23cef1f3e81bfa8b7014dd99ce59a2fb2490c3e72e3fe92e3b24d1313007d

    SHA512

    af418298f65e234d81b72bc99f7e3a04c6d4d11e9f613f9ab3e4d2375174fa50d01bddb6f742cf06c074c99f1e317323d01f67a145a8d87aced5376b46df0e04

    Download Submit