Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_9fb0e418a391917e0b7c08834a1acebb_mafia.exe

  • Size

    414KB

  • MD5

    9fb0e418a391917e0b7c08834a1acebb

  • SHA1

    b9a6fd17ba271d71c49dea05a147b419a3cbc52b

  • SHA256

    d58dff7716ac53dd29eac6bb009c5f953d5864d230072e395b577dc71ca409c5

  • SHA512

    8a635e30574479cf9d578ebd66af84ffff32cc1563368e1186b28d817b4e728ddab6e2b094b0168f9c22a52e92fa603152e83e8a00c1c6ece5491d0b747d9cd2

  • SSDEEP

    6144:Wucyz4obQmKkWb6ekie+ogU6BYxDTkdULeZunY13/HXT+BKJ3tAH7lx:Wq4w/ekieZgU6uTLe4nY1fjH5tAblx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_9fb0e418a391917e0b7c08834a1acebb_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_9fb0e418a391917e0b7c08834a1acebb_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\1056.tmp
      "C:\Users\Admin\AppData\Local\Temp\1056.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-08_9fb0e418a391917e0b7c08834a1acebb_mafia.exe E573FD5B9993C27EA17ED08AD20C81D41E6228A3A61253A423A581B66C0FDAD9CBE73720016AEAD875671D0EA2F3AAC7BA39D7A2F779ADE3FDE39E5BF686E026
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2104

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1056.tmp
          Filesize

          312KB

          MD5

          1e3fec54953e918e9d926321c56e5797

          SHA1

          eb2cd6ff9db2cd0b7e936518e9eeab609f4dccfc

          SHA256

          79bb70b79b54647b5371e76457d354afa7b07141f8849fbca49d10866b306d19

          SHA512

          0447259c1ecbc7720a9f45c39332f7cbdea238de4976fb13c4cda1019b09c309c0cac2d06599821ee8475359a2669d9dbf1ab10266e325e22bcbb447ea764fc7

          Download Submit

        • \Users\Admin\AppData\Local\Temp\1056.tmp
          Filesize

          249KB

          MD5

          c3a29e05bb41dd739abe71f140bc568b

          SHA1

          1ebd9a0cd0fedde4ea08cf5d3c760ae26109791b

          SHA256

          e511c54763d5e56aff21adde69b6b603d39d1c5537bb9bbdf00257ed7958bb6d

          SHA512

          86946aba16a382821bd00ddde7869e074f9eb81b5fefbad48ebcd1cc32623de76de38ed96715446e69c1ecebf56508883cb663a90d6ea2a03deab881b5f5a538

          Download Submit