Overview

overview

7

Static

static

3

2024-01-06...ia.exe

windows7-x64

7

2024-01-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_408b8cf0e21cb51d5bd75ab3500d1f38_mafia.exe

  • Size

    486KB

  • MD5

    408b8cf0e21cb51d5bd75ab3500d1f38

  • SHA1

    2522ade979a9fbc5bcbfc2654571ef93b646b9df

  • SHA256

    66aee9ddf155d822b6e204f9332368154235488fb0b0c2675ca7d390289b346e

  • SHA512

    50cc6e622fbd78970033d7fda27f1eaf298885576ce67485d62c98ee11f33fbcd4ba309b0f52c60d182487d43abb2974c46bc29c05d264703ab26887406f632f

  • SSDEEP

    12288:3O4rfItL8HPT6PnLjOAxeeVQT2s9OLowxHT7rKxUYXhW:3O4rQtGPTmLCk3VQT2vLoiHT3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_408b8cf0e21cb51d5bd75ab3500d1f38_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_408b8cf0e21cb51d5bd75ab3500d1f38_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\7BF3.tmp
      "C:\Users\Admin\AppData\Local\Temp\7BF3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_408b8cf0e21cb51d5bd75ab3500d1f38_mafia.exe 1B2B20F5F3D36D852D4B5FE14DCE352A4010F4AB2A226D3F31814670CDDCDE4CEEB4486810B23C51E474C47CE99524A32B82917FDEAC8EDE9C0ECB8900E5CBD7
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7BF3.tmp
    Filesize

    185KB

    MD5

    bc30e9f14797ba2781f99ffac64ddd58

    SHA1

    23e56827bc562431c0e5b96de2caf92094c49c39

    SHA256

    71c24d4cf819ab5a41a515d41c176f5189bf0caf96b48dc093a5193bb3a8006e

    SHA512

    d00de8f33974e8a5c5b468a12c1f41c922cd885fe795dae1710a97eee0f1ad3cc4be0588b06cfb896c2b8b4b3bb85e333d4bf14b5446ea805d0dff88344223dd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7BF3.tmp
    Filesize

    486KB

    MD5

    884dd8ee1222cbb10ab08e958814ffa6

    SHA1

    ab011c57548103a8301118ab8fc83ab542419fa9

    SHA256

    50822902026e336359f209bfe9ae65bc9351c070ed5a947f3675411963e39846

    SHA512

    bc0c3240bc27e9c5e803ce5a243b2167ca48f0dc5ed2252a9704c32f8ef1bd89013d61417008747cce66496520abd4806b1dab53a9bf73c2760b0e3c81740a42

    Download Submit