Overview

overview

7

Static

static

3

2024-01-08...ia.exe

windows7-x64

7

2024-01-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_cc4ef84828c80ea6874c6a6af8bfc640_mafia.exe

  • Size

    411KB

  • MD5

    cc4ef84828c80ea6874c6a6af8bfc640

  • SHA1

    11a7499424ab4ff57db1ee8bf0372d42f0c57e6a

  • SHA256

    fff5c4f2452cba51f08fd5371f3fe982e565c8b1a3311a0d2710f9b2002e815c

  • SHA512

    5771e94147cab5296320a2ddf9f7f390d9ef82f72d82802d445cdfbddaacf5b57eb664dfc44c582b7fa0ca2f189a0f62ec71ab674df1830eff138a9ac38b9260

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFRdv7XCEuOcHYb82nqRQeX+f5Fw5rXOQqHI:gZLolhNVyEMXhuhG80BeXqFSr5qHI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_cc4ef84828c80ea6874c6a6af8bfc640_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_cc4ef84828c80ea6874c6a6af8bfc640_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\A238.tmp
      "C:\Users\Admin\AppData\Local\Temp\A238.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-08_cc4ef84828c80ea6874c6a6af8bfc640_mafia.exe E066D25DB2B66F351417095B66B620912E8C0A0D1C33DFAD5BC0BA9462AB96A721EF5711800BFDD0DC8F9B3E628672E61C352D20F9F0A0CD4054D01361571D4A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A238.tmp
    Filesize

    76KB

    MD5

    cbe888a211a8893b5773384c565995f2

    SHA1

    039284146042c7f6df707456e4c838b887e6898d

    SHA256

    bed4a60ce46864d380dbb4b7f30b24a6313a64bb22d6e3f14cf6e9a6ee873d34

    SHA512

    c0ec20c2dbca9848916512f951396038578eec000e1ad5e9e00b476b288fefd7f36083179cf58e4358c79f4001d7e57ef776597154cf541df671c7ffd7ff7ccb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A238.tmp
    Filesize

    50KB

    MD5

    572b620144a4c27277bb8d9f9cb1309b

    SHA1

    93a4022ce121c88b7515999db812601c0f2a96e2

    SHA256

    e9b7538032a8613f961d21fbe2b5c6646c084ce33e789ce842c4ee077c754fcc

    SHA512

    f7c75bc0576ebfc2165ad0b13849c757c2210afd411bf3616f5031a683c296e583f4d0ff3640ea3a57b4b46aa9a6162753954c00d2b84050bcd7529f70cab50a

    Download Submit