Overview

overview

7

Static

static

3

2024-01-01...ia.exe

windows7-x64

7

2024-01-01...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_8bd307f6e871513c83fc8f7f7a1a960f_mafia.exe

  • Size

    479KB

  • MD5

    8bd307f6e871513c83fc8f7f7a1a960f

  • SHA1

    6101afd7e66b41f1e69834ebca2ce7b090e9bbf0

  • SHA256

    b2a24c335f9d69320dc39269532f10d2e4e5cd3ab1936d0f46ab384d85d5142f

  • SHA512

    46feaf4eb1b9f80ddf860cee75f9909126ab76346a0931c144ac53eca3866a00b87feeaea489577966a97a690a9a1759d3e2767bc296651a05e1f1c37dc084a4

  • SSDEEP

    12288:bO4rfItL8HAplWnEFI8UZeXbacWwI4ob75UO:bO4rQtGAXxUQ+cmbVUO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_8bd307f6e871513c83fc8f7f7a1a960f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_8bd307f6e871513c83fc8f7f7a1a960f_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\148A.tmp
      "C:\Users\Admin\AppData\Local\Temp\148A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-01_8bd307f6e871513c83fc8f7f7a1a960f_mafia.exe 64C92846FEF9F08676F2253095223B8C8BE7597013804F936795DEC43BA6CF4867FF533BF89C8DDA2752D451B9EC4F032FC65EB12A9B6136D8603123735000EB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\148A.tmp
    Filesize

    13KB

    MD5

    a1ed136191b5ca9911cb087808b3d70a

    SHA1

    55abb0fadcfa466e37bd53402eca7ea18c2d9662

    SHA256

    a581ec97c3526a27c873372afc5b7ca4d1a6d0aea0510f63d043d557851ad3f5

    SHA512

    a0f62c9571f66623b3ad35dc449998a2b3ff1ce7e0448b0bde18200ce34d9ba7565bcacf99e40b994f48af16f25f70ffd64cdd678d9c58e1fc9a2aeae9dc20fd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\148A.tmp
    Filesize

    33KB

    MD5

    3b06d5b7a319e682ea1bfa44f71d9928

    SHA1

    02c6cf878b6c7b0ac1906e1f0dafe7b384ebca03

    SHA256

    a37ffd22403b82b78dea9c08919d781fcd86c2b6d1c2b6161999feb47ff01696

    SHA512

    ce8670e8a339833cb04191ec7461cebd35f5c8d7ca094d160e5fd4044a3f9822d16ee9c55b1556b365ce6888777233a50ca5805e585c05ace272515a888728db

    Download Submit