Overview

overview

7

Static

static

3

2024-01-01...ia.exe

windows7-x64

7

2024-01-01...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 05:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_c797be449e27eb7855c8923ad5e1c1d1_mafia.exe

  • Size

    433KB

  • MD5

    c797be449e27eb7855c8923ad5e1c1d1

  • SHA1

    d3ad6893fedb751aeeac848a034666ce422c7978

  • SHA256

    d0bc2cf8c761dbcc9dd594a7f6d17d6f14fbfe8e72c1a0e77f51d55242a9942a

  • SHA512

    6f755869384a1180708d5f374969abf4d9488403f37039f71af1112da6e5dea24c5f6d718c655e4d55f75f5605aee9a987dcdce9a27aa289f04c18d0211b1777

  • SSDEEP

    12288:Ci4g+yU+0pAiv+MkB+C6EMjzQY9hw0u7ZtHn:Ci4gXn0pD+79Cjz7u7ZR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_c797be449e27eb7855c8923ad5e1c1d1_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_c797be449e27eb7855c8923ad5e1c1d1_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Users\Admin\AppData\Local\Temp\6B7F.tmp
      "C:\Users\Admin\AppData\Local\Temp\6B7F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-01_c797be449e27eb7855c8923ad5e1c1d1_mafia.exe EE24D2A05B9BBD1E14673704F2E0E813C188A3C1C0DC5CEEC44D1080E74DD97439477FC85E57CED26780F42CEBDE6BC12044FFF0ADA04CAB3901D1C2F34C055C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2880

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\6B7F.tmp
          Filesize

          162KB

          MD5

          3bb872a318e9af44f996b21a8b32d724

          SHA1

          81662561bb73f00b7e4ebf2f09224c38ffdcc01d

          SHA256

          6c21db6c2c392768f111b9f166ca11a841f4d16b8a5f94ec7b90ba0c2f3c3ba0

          SHA512

          1c812e3780139d7a4dfc5ea61fb56f7250cc72bd6ba0b09f5971e2cd354c110269c5587e04fa3398d70d5dcb3f9b78f792102585be4e5833276cbcbadf40d0c8

          Download Submit

        • \Users\Admin\AppData\Local\Temp\6B7F.tmp
          Filesize

          151KB

          MD5

          9bb9542e19bf05af7f05dc67fa0c5da3

          SHA1

          ca547577d62daee3b00f332aeb53115f308c6113

          SHA256

          22756fda60c4ef47be721243e1c7c8be7909bd978be63ed0217e1a1711a972b7

          SHA512

          b8f7f6673dce0d29f76b16ca38ded7755dadf5d2c0c228493ec4d0aa68a813731c99fcf20788adf84304aa35885d66563766f1f4d44779c21d2a5ecd6529f131

          Download Submit