Overview

overview

7

Static

static

3

2024-01-01...ia.exe

windows7-x64

7

2024-01-01...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe

  • Size

    468KB

  • MD5

    e8530d1045162038a997139cd598f0d6

  • SHA1

    096632288285f5982a05d21b17c1fe1f83467652

  • SHA256

    6d867dbb2bfc7a40abafc01efc581de1a7519cf82942ef5272be697edfab7a06

  • SHA512

    988171d258536e4567360bb7084c2bfc468a76828b0151eaf55b6e7da937edb4c96e1872b9d1b92c5c1be58cfeed257c9c4674502c18b46042e62961b0dbb551

  • SSDEEP

    12288:qO4rfItL8HG16zX2mX9vyZ4Nr0cmq7bWmeEVGL:qO4rQtGGM/XS4plmqumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1989.tmp
    "C:\Users\Admin\AppData\Local\Temp\1989.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe EAAF01C09035C408A5152BBDCDB3A99F1765E9AB54B0B0BC2BAF093F12ABC44486DFC598E3B98A07006604D6ABC286C51F18E573F5E0760FCE077403148A876C
    1⤵
    • Deletes itself
    • Executes dropped EXE
    PID:2972
  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_e8530d1045162038a997139cd598f0d6_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1989.tmp
    Filesize

    92KB

    MD5

    479fe9ba2fdc121e1591c143d45f6176

    SHA1

    da26dc58c0416939a7a79aa83216954a84b4a16b

    SHA256

    3dd8d813a950a2ecee25f2ee386f4e2079bf051d7c2cc3878f4a918e0d7d5797

    SHA512

    63289aae7fc4d88bd34804af4296bd29a913db4fd47993eeda220cf077eb10d19156fd1f4f7d3bd325bdbfc991716c0793e8ed5fd17ba5c7865106aaf3d8d114

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1989.tmp
    Filesize

    237KB

    MD5

    4c9658a0438970e998eeb4e45607bc87

    SHA1

    0eeab4bb944939d90f7d2637d2d4a40f5b3223bd

    SHA256

    97a16c15252e39948101aceffad5bdebb830515c66f269056b1b164ae897ba23

    SHA512

    eaecf12d2fdccac22b7d0647b1ffcaf408b0e057280946139fbbe6b06e07bae3c15b09beca69e55e4d52a1fd9af26cb2ca90299a21b67e65462658ffb85d7c0f

    Download Submit