Overview

overview

7

Static

static

3

2024-01-09...ia.exe

windows7-x64

7

2024-01-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_89487fe01d7c976cd9ae4b80e2dee867_mafia.exe

  • Size

    476KB

  • MD5

    89487fe01d7c976cd9ae4b80e2dee867

  • SHA1

    8490cee978e0015b2edccca3c8a5031e01ac7e8e

  • SHA256

    a7f3b3ab7f7c16f7e5b915b1e8ba46482c05f646afeece3d677b53bb5262ce71

  • SHA512

    b0a1a1fd43ca3ce82e3d5de1b2fa8e4daf1ecbb481d1d5a6b37ab1cb3783fc0a37c5e72d908aa0960cd7c74bb3a48be3099b5433008c3dd53c5ab9f3de781aa7

  • SSDEEP

    12288:aO4rfItL8HRuY8/COQHNnG4ZTZ+Srrxd7K9wlsDpVFd:aO4rQtGRTjHNnG4Z+Snj+9wlsDpVFd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_89487fe01d7c976cd9ae4b80e2dee867_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_89487fe01d7c976cd9ae4b80e2dee867_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Users\Admin\AppData\Local\Temp\4268.tmp
      "C:\Users\Admin\AppData\Local\Temp\4268.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-09_89487fe01d7c976cd9ae4b80e2dee867_mafia.exe 5EF6FA41DE3767CFEED3643A79A1E3C36C42116A94E4F4BCDD83DBC0A076E79EE972F34D0B9721AE5E21DBA6684A671A3E4EC5053CF124F3CDCA0FA9666D0947
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4268.tmp
    Filesize

    476KB

    MD5

    c507ec4fdedf7399573865fdf016c836

    SHA1

    ec2fafb5f1cc325f885f1068cdfe4977c7f908bc

    SHA256

    227dcc1a11b2766d8c739b3a258d56682dd6e86b0d8c50876de3b2db5e0590d9

    SHA512

    924fde56d1a8cc232f2ae7be4f092f95366633da9fb9e3e27a7e8ab313a1f59b956f01d75b8dd120f37f8ab07233163a900ebb06885e2cce71b1cfa4e9b51f80

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4268.tmp
    Filesize

    92KB

    MD5

    722243f3e06e593e0e278ebffac8fc29

    SHA1

    29a18ccda4fbb2d574ec78624b9c1a379c03fdf7

    SHA256

    26a8397120820b798877b66835e3de663c27048d72923a05a6128db2276b394d

    SHA512

    257888e7a2e25c36d8ea889fd4e4f1d39f77e9602d27e6b36f77103659f46c178f20c2b7a5ccba3207e0ea72d6397b4582baa89de9532a320bf30662b22c7a91

    Download Submit