Overview

overview

7

Static

static

3

2024-01-06...ia.exe

windows7-x64

7

2024-01-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 12:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_8a2a703f54e5ea54a93e881f89a147ad_mafia.exe

  • Size

    479KB

  • MD5

    8a2a703f54e5ea54a93e881f89a147ad

  • SHA1

    b454987d3f7d349d13de2806f448e2cffe15bf6b

  • SHA256

    0b3850497be32e627f3d8b7f6771fa1aeb2bcd85227543f9cac08826b54b3cf9

  • SHA512

    49da043e831a32e9197489250c8630b40f6bddaebac9f64b7efbab90cad41ffa302d5feaeac5ff1a6c189512b131ce90fe2482f7b4c6bb807f226c473a8bcb83

  • SSDEEP

    12288:bO4rfItL8HAK/rkEUerd9DgOVOJx7AnI9t80p75UO:bO4rQtGAKjhUerd9ZVOAIk0pVUO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_8a2a703f54e5ea54a93e881f89a147ad_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_8a2a703f54e5ea54a93e881f89a147ad_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Users\Admin\AppData\Local\Temp\9C01.tmp
      "C:\Users\Admin\AppData\Local\Temp\9C01.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_8a2a703f54e5ea54a93e881f89a147ad_mafia.exe BF9ED57FFD84D76AA3C124170B718A5144D2086BD064F7A8774A106033D3B176299FC3D97603F1119DDCBEE6DBD0902726DE94FAEFAED1EAC2BF2CC2336AD274
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9C01.tmp
    Filesize

    129KB

    MD5

    682364327f77a3a5bf096757fb6a0461

    SHA1

    fb22616a0bbb5d07ce0209a2ca446b84f508fc16

    SHA256

    3474e748580f863061fa743f4b2de50998ca53243fb7b98c5783588b0972c376

    SHA512

    60787d440564253aac4d2564816e3b710d07a1ffb12eabde6d89be0de5bbe48938e05366042fe6d429b1986589d0f5adfe7086d530be2a7377b3bee6169bb379

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9C01.tmp
    Filesize

    183KB

    MD5

    b03c9f170f94a47fe57afef657e6ffb4

    SHA1

    df2766166f3b7b143b975da851e8afc40c78a4ff

    SHA256

    52053b49aaf4ea32a59fdbab991dc075c287f8a5a1dfcd79a26887dbf1982d40

    SHA512

    b7f65e1e52f4c3ac6c6a50409d5f88e391a22709e007bedcb50d9fbffd2417bfdc19cfd4f866c66861be53f0d45b1963955e02a7bccc0ab2fdf9004d87a467b3

    Download Submit