Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_c2ad4a86d19bd4442a8824f07c595b8f_mafia.exe

  • Size

    468KB

  • MD5

    c2ad4a86d19bd4442a8824f07c595b8f

  • SHA1

    3d13acfcd657064f19228359db9358407c74b0ea

  • SHA256

    5d5a0613cef6d14823d3214004374bd8d003f97b07da05fc185145f3007cd158

  • SHA512

    8ecd2895a2ebf89dcb1c2b1c8ef648799c17efc2dbd7aff287551efa4e1dba4f2cad387982afca6ec095945b9ce8ab0889fff3c2ca70312c18784956f6936c30

  • SSDEEP

    12288:qO4rfItL8HG0F06whjGU+RMSq3o1kdh5gv7bWmeEVGL:qO4rQtGGWxoCaH4+6umeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_c2ad4a86d19bd4442a8824f07c595b8f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_c2ad4a86d19bd4442a8824f07c595b8f_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\6825.tmp
      "C:\Users\Admin\AppData\Local\Temp\6825.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-08_c2ad4a86d19bd4442a8824f07c595b8f_mafia.exe B95626A3414864A83E7337647AB2AD8EEBAFEA03FAB157C35E31E1FC2930E06E864BF0EAB98B240687D7514F09FC2E943F186F157E29C8D8EDB2837D64571AF2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1344

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\6825.tmp
          Filesize

          53KB

          MD5

          87254a8d775e51841a721b3c8ce5f363

          SHA1

          a33e3c6fa263aab689dfe59a22bca9bb84dde2d8

          SHA256

          99bc3d5f71730865cdbf2697e053b52f4e21f39151802947e82310e5ff217c10

          SHA512

          d4b494972fc8deaa4f92657fd5d1749b65b7965044f555eaa1d04a954c64ff2e3df3354bf1e0f911152c5a07b925267e2f05e0ef5b3428ee18f94481a009ee23

          Download Submit

        • \Users\Admin\AppData\Local\Temp\6825.tmp
          Filesize

          3KB

          MD5

          c8c4ae8c48eaff67a88e3343f021cb6f

          SHA1

          03365d191676e4290225e9240a634aee4975b51c

          SHA256

          018c92eb3ed11fc78f3b14fb1b78e8355ce986250b7d741089f2afe77a62477e

          SHA512

          bb7c8b3e4a008e17284d2bf1e87c14a98be20159f4fcd746a9a36fd5c8dbf4ea931c4b291de4ecd02be4606bac3bd45800aba4a16081c9ad28ab98c68232e56d

          Download Submit