Overview

overview

7

Static

static

3

2024-01-06...ia.exe

windows7-x64

7

2024-01-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2024 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_091b0d4d2c3fdbcfc63356ad5c6aa0b3_mafia.exe

  • Size

    476KB

  • MD5

    091b0d4d2c3fdbcfc63356ad5c6aa0b3

  • SHA1

    a634c8743181bd0126c08facee8009b5e0b303fd

  • SHA256

    990db4be389c8e92fcdd89c8f2a4356da4353eb6d64d08912336fb66a66bc209

  • SHA512

    871482f98b929c1b7da3d446b347e76bf066d63c90d527a6910a5e7dc9370b270b55857facf7ec615429fa240284ffd6c938f7cb930c18b08d9d15f99b119d2a

  • SSDEEP

    12288:aO4rfItL8HRBYUesFpkft7KyZ68oXxecoBFFcfJ7dbvI7K9wlsDpVFd:aO4rQtGRB3HI4yZ6tscMsfjbvI+9wlsL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_091b0d4d2c3fdbcfc63356ad5c6aa0b3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_091b0d4d2c3fdbcfc63356ad5c6aa0b3_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Users\Admin\AppData\Local\Temp\4268.tmp
      "C:\Users\Admin\AppData\Local\Temp\4268.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_091b0d4d2c3fdbcfc63356ad5c6aa0b3_mafia.exe 61DDA935235D4E6AC106CEC3BE61E4609897E84450E033C3A349F9C6DA760A377F970C243D5D09F0C69E168DFD3FDACC895AC66B95E82FA4C2545B017B9FC895
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4268.tmp
    Filesize

    331KB

    MD5

    9c55ecfd354dee531312fd59de9562c8

    SHA1

    0fe568965644c2e5928373f0f2320e2cd2390014

    SHA256

    129a64dc3fb9cec7809328f6d528fab7713609f4b94413ea58912769664f9e53

    SHA512

    3a1eb57d5d25173f9eb57cb732a451b4f0abde8673d1ae8d54b8afd5b551b509baf9a351c4cefbf7c6e3f579fd21ed79f071a1e134111f4876a3ab7e893567d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4268.tmp
    Filesize

    122KB

    MD5

    aeb921147c1c519d2ef36c5918c9212f

    SHA1

    ae60924e7b4e371ff6d295f1b11aab56e2547b5b

    SHA256

    bc6837b6e58813c5a23d96c2b8a838124fabaee9b59cfacfb4a187eb2a1865a6

    SHA512

    83c56ef6eb3f6f6849cc2eb161850e545bda89b60ddcbe9a1d0eeb4045ee3ab602deaea7cf729b60635bdada268bd9acdbe1555690df94f197e657526b1d19e6

    Download Submit