Overview

overview

7

Static

static

3

2024-01-06...ia.exe

windows7-x64

7

2024-01-06...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 12:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_ae7728c7ad07da05d69dfadde5722ad4_mafia.exe

  • Size

    444KB

  • MD5

    ae7728c7ad07da05d69dfadde5722ad4

  • SHA1

    fffcfcdd7c52b57f2751b441556d3ee9775e05c8

  • SHA256

    df164633f0e5d5bcfbb095feef5d44049896e1402dcfa2815220a11a56911fe9

  • SHA512

    dcfb4c7699f996703896daf1d21d1f0f9afb4c6a8f7cd70dee219494122b14151e22154355d5000d9cbb76cf19e5761fe4260fb9fdadb2a24c49e4f71261e45c

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStzVDGyfbW49JDFqQCazJyyBCsq1SA:Nb4bZudi79LsrbWkr4azYyBCsJA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_ae7728c7ad07da05d69dfadde5722ad4_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_ae7728c7ad07da05d69dfadde5722ad4_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\4779.tmp
      "C:\Users\Admin\AppData\Local\Temp\4779.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-06_ae7728c7ad07da05d69dfadde5722ad4_mafia.exe 91A767ED24A6585EF1C846989EBF73798D9E0C9327E0A0EBE7D995AC58661DACC3AC50DA554327797990FD7273704F655EE73B18F771B080B742EA3A2A3828A0
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4876

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4779.tmp
          Filesize

          98KB

          MD5

          0e3153667aee0f00cc4b5a94eefd723a

          SHA1

          ecf4384fefb3f4abe66f394e40bc9894a56db47e

          SHA256

          3cc27a0c6b10f9f0016b86f6896f5024ce10b6d647512d32e43c2117de1fe551

          SHA512

          14a24f83497b24d13749d20da16b19b9fc581b9103cb640f6d0bcd466c0ad3b6e7181b1ab1b6baf2280b87fc79030898953d548805190aef51ecfa07586beb3c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\4779.tmp
          Filesize

          92KB

          MD5

          3597d496e720574836bc913f858eff1a

          SHA1

          0198015901f873c5e0bf530c7a7e9d373a2628df

          SHA256

          1f9df3b23782c121557c5d4ff8ed389a091e900688e9daa1a4a7b3b596c9fd8f

          SHA512

          a16e68f589841edf1460b0906f175fc8cf3ed5866a0c064d11af49d77491e526ce95bcc70ebd1d5b31e86c1c7629415d249b3eb09570734a3bb5b469a4316fb3

          Download Submit