Overview

overview

7

Static

static

3

2024-01-09...ia.exe

windows7-x64

7

2024-01-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 05:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_1175884eedbe00a051169480e655e2b4_mafia.exe

  • Size

    444KB

  • MD5

    1175884eedbe00a051169480e655e2b4

  • SHA1

    c9ac37de0c50e0d255c4aeec5999c100824d73b6

  • SHA256

    300d468e249d43b0000f96f26c74294de94ef1287eb1edfc620bd5318b46d449

  • SHA512

    ed2838e564c2b71888ff238a7234397c1829b2e9a31232bd9cf4eb3be6e96464ae45724a84597698d8d1e007baaf34519c138f44fadfeba0f7d7231751944d51

  • SSDEEP

    12288:Nb4bZudi79L6z1mizph/9CBuvKeNwV6uGA:Nb4bcdkL2ciz94eeh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_1175884eedbe00a051169480e655e2b4_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_1175884eedbe00a051169480e655e2b4_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Users\Admin\AppData\Local\Temp\9FDA.tmp
      "C:\Users\Admin\AppData\Local\Temp\9FDA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-09_1175884eedbe00a051169480e655e2b4_mafia.exe 4DC890F21C5B38B7C6475A1E4CB35FE5FA4C74FE3A6A7E637D4221CDFA8A0E7ED2697517B8A0B782948F6999A7AADED544F685FF1A60319558778FF2CDCEB4D1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9FDA.tmp
    Filesize

    172KB

    MD5

    76939c1afc6d1e709c4af25039978aba

    SHA1

    9382eec9385a216a899c66b00f07b6956dcd66bd

    SHA256

    47e6ef829a890b40ad14969ea12dee179a889aa3613bc90185609b27498afd52

    SHA512

    47c8a5377a3ee6ba668475d7f1d6a72bef0a23b8a7c29f6d8bb0d739e5c7a80744e93d029e92cc9059813b8b5c91b2ab606406b62c928867cbbdf45cd9101378

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9FDA.tmp
    Filesize

    444KB

    MD5

    6335f4c7c66bcf14688180dd28ca0cf9

    SHA1

    12c3bc639cbf0f1a42e1298b613ec126ee1031c4

    SHA256

    9af6926a8d29b9296a4ab750304d32b1dbadaf20244cb79b5dd8f77571853b5a

    SHA512

    4e02d1901e650f40259384b4f96e745ddb5be23d71d5c10b802d82039a8fa118a394df3671f21038d203755f4782dffb789151818d59a1ae1ef17d20cfa8e672

    Download Submit