Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-10-2023 19:42

General

  • Target

    NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe

  • Size

    444KB

  • MD5

    25e3b87e7b91c37518f6829738607e7b

  • SHA1

    e821c4cb69b72e3893845847cbdfd4f468f3e6d9

  • SHA256

    6fee90b8c063fd5de60e48c113a6aa49f503b0680d1d291a45303ab6619062cd

  • SHA512

    9860affad8761fd269a7c71adc61a15dfabc9f7f5aeba6d83900f55c98256f2b6f1679bfaa018307ce2cc9606f4fe95cac8e394fc065ed3107cbf64a69793b84

  • SSDEEP

    12288:Nb4bZudi79L05bb3q2Hg1te8i3gVSTNw1A:Nb4bcdkLurRA1tZi3gV0Nw

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Users\Admin\AppData\Local\Temp\8DFD.tmp
      "C:\Users\Admin\AppData\Local\Temp\8DFD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe E56AFC307A3D5369D6A3C0ADAE23D64800F30BCD35A3AA89C6DDA32418984BBB1EECDFF4113351EB9EA933962CCD5630B9EEA695D389C6E7B42D09155BC03236
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2152

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8DFD.tmp

    Filesize

    444KB

    MD5

    31c07ee99394538817e7c004ae5cc2cb

    SHA1

    00c521a5324edb7158f2a376afe2384833521e82

    SHA256

    7323e40e2457ea6e48a471ad16870ea47a3601997a3e2e1cf234870ab1b27d4e

    SHA512

    157a1051b6818207945251fe6f5e27e9de58005a0c27f9e417a49f978ea67f9a0c783b9e14a6062e2878631f0d440d5128811329f7c1e9920dd990a1ae9ad42b

  • \Users\Admin\AppData\Local\Temp\8DFD.tmp

    Filesize

    444KB

    MD5

    31c07ee99394538817e7c004ae5cc2cb

    SHA1

    00c521a5324edb7158f2a376afe2384833521e82

    SHA256

    7323e40e2457ea6e48a471ad16870ea47a3601997a3e2e1cf234870ab1b27d4e

    SHA512

    157a1051b6818207945251fe6f5e27e9de58005a0c27f9e417a49f978ea67f9a0c783b9e14a6062e2878631f0d440d5128811329f7c1e9920dd990a1ae9ad42b