Overview

overview

7

Static

static

3

2023-08-25...JC.exe

windows7-x64

7

2023-08-25...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    167s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-25_46804916817f43f16b5c9faee015265a_mafia_JC.exe

  • Size

    414KB

  • MD5

    46804916817f43f16b5c9faee015265a

  • SHA1

    c0fe7aa16c29fa4b2281b1f32f9462017ae9bee4

  • SHA256

    f3d9541e45ddba11673424220aaef99275ff667b180facce95bf5f36ed1bfea6

  • SHA512

    d6ff60aae0072dd753b46ac2ab2f13123d88e0fe22e4db5691cce19f14cb3d2aabc7b0150728d27e842aee5b57fd4c6b422953b79ad541144fbe369851dd297e

  • SSDEEP

    6144:Wucyz4obQmKkWb6ekie+ogU6BYSVaH0f43YcQAFE93XvLwC9Cl6v4gQl:Wq4w/ekieZgU6bg3GLwCvw5l

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_46804916817f43f16b5c9faee015265a_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-25_46804916817f43f16b5c9faee015265a_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3272
    • C:\Users\Admin\AppData\Local\Temp\FCAF.tmp
      "C:\Users\Admin\AppData\Local\Temp\FCAF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2023-08-25_46804916817f43f16b5c9faee015265a_mafia_JC.exe 663D2ED223774E8FDA8E4855256667A8AB37048999B7E7F0AA4BBFE10E89F56A5BFC5DC82667A63B214D901637244E1CC70586FA4CE0309F282E6E238B96D31C
      2⤵
      • Executes dropped EXE
      PID:800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\FCAF.tmp
    Filesize

    414KB

    MD5

    6e58126bff518001e9ca3275f0888d35

    SHA1

    1819d07df7b4014ab51ff506d47202c69623184d

    SHA256

    8cca59f34d0df90f95f1f81088ae1002720721a8817d2945a56e1d8027456056

    SHA512

    2a477bd0277448cc44c7e61f3ccbcd470c32cc53ca4f40932f4bbae068ce8491e08b00e28a7a2d48491acc5cbf40353b621fc94172387e79bd919465fb7076d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FCAF.tmp
    Filesize

    414KB

    MD5

    6e58126bff518001e9ca3275f0888d35

    SHA1

    1819d07df7b4014ab51ff506d47202c69623184d

    SHA256

    8cca59f34d0df90f95f1f81088ae1002720721a8817d2945a56e1d8027456056

    SHA512

    2a477bd0277448cc44c7e61f3ccbcd470c32cc53ca4f40932f4bbae068ce8491e08b00e28a7a2d48491acc5cbf40353b621fc94172387e79bd919465fb7076d4

    Download Submit