Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_c9e6529acbc2281f0bf1642901c76e6d_mafia.exe

  • Size

    476KB

  • MD5

    c9e6529acbc2281f0bf1642901c76e6d

  • SHA1

    4aee1ff8687c0298415232cb8d6ea1a9d410dab5

  • SHA256

    f8030c142a60595e9dc02fc45b00517284b94fe18c31e8d02d568948ed1a5aea

  • SHA512

    aa21baaf5d4db789a1dd41fe996171357b1572c35136890ffdcb7b6efd395fd485656c144f26d6178f5b13e91b90fdd82a7e92766fd3734332b0701ec5c569cd

  • SSDEEP

    12288:aO4rfItL8HRHUlL/QTiMMNZU9Nz2VWmiHVn5o6h2Y7K9wlsDpVFd:aO4rQtGR8LSBQCXz2Umv6gY+9wlsDpVT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_c9e6529acbc2281f0bf1642901c76e6d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_c9e6529acbc2281f0bf1642901c76e6d_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\15E1.tmp
      "C:\Users\Admin\AppData\Local\Temp\15E1.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-08_c9e6529acbc2281f0bf1642901c76e6d_mafia.exe 66B76EBD728390A3A26AA878C142B6A3B7E136295AA6209BED36E8F84145BDC8711841A5921B8C166C449041D00D3079B488BBC6EA48F7A4226777E1A00A3C81
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\15E1.tmp
    Filesize

    5KB

    MD5

    b3e025cbfac77a56b6a8fc4b14c1cac0

    SHA1

    4b3c9f359cf9b2fa193a0915b605e2d52ab8fce9

    SHA256

    d3b3acda50d9885a4fe4f64c3c77d23ab3801b01b5ae4c33c07616af5b0e2388

    SHA512

    72a1e2d8a77b82c0673b6325fee314ad23f5462e400ca8eae0c67bc2d5396cda623b1b7d7cd87eef37d2d6597b8b26a5f4dd4811290742429c09d0ded06dc615

    Download Submit

  • \Users\Admin\AppData\Local\Temp\15E1.tmp
    Filesize

    49KB

    MD5

    b2d4f0bea66d844667e19f378b6bde50

    SHA1

    1128a9c0ee6835fc02612c9b2613ce53d2e210e4

    SHA256

    2aa83c19beb360cbccf199cdfd1d570b7800c3fffccf7b095bb5dbfc3271cde9

    SHA512

    bd4aff3696955a75023cef3c3d130e5736649507ed13b7625cbea56851c42919f95c3f9cea5f3f8d1590c42843f9a02e033601a17f59bd4ec0e1a3fbe7782689

    Download Submit