Overview

overview

7

Static

static

3

2024-01-09...ia.exe

windows7-x64

7

2024-01-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_b1f4574b75309055d6bfcd8d0a806839_mafia.exe

  • Size

    411KB

  • MD5

    b1f4574b75309055d6bfcd8d0a806839

  • SHA1

    3d2fb3896d9ff8c0b7f8ecc190d55724530fe858

  • SHA256

    91d74e589a1f6c3c60810889de44542537219c69897e5cc67c2bf5425470fcf3

  • SHA512

    18b8c17fc05d0013ae73511d85795f08aab6bd8606138394b35d56d514d035be610b5467868da2667631b3982d8168092f72f93d83b1b6780027eb3471600d91

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFw8wM7XrQXBsvOjecaP23eWEqHI:gZLolhNVyEz67XrQWOjecaPqeWEqHI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_b1f4574b75309055d6bfcd8d0a806839_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_b1f4574b75309055d6bfcd8d0a806839_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Users\Admin\AppData\Local\Temp\732.tmp
      "C:\Users\Admin\AppData\Local\Temp\732.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-09_b1f4574b75309055d6bfcd8d0a806839_mafia.exe 00672AC7D43C43459AD3339475D514BED4DA3689AFFC40101A31ACCF3D76F0ACFEB48BB2C5BBC06A086C614646E0E35BEF474BFE04FA77431972039BEAAE6383
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\732.tmp
    Filesize

    68KB

    MD5

    54ac94083e745f255de05de7066d35a5

    SHA1

    e2765cb79a1674319f73c470ec63fa145de79c05

    SHA256

    023f62e371d9272b05a2fb9ba94f3979989f6f7e96ebf18258e2d4598c790d74

    SHA512

    a2b3f726a42e8389c98fb7e6520034a66d1b7d838df79fca5fa16cb9db342c30a7fe6ae4a6208facf3fd1e91288e8ef3bd97bd8d82b6b03ec8b6b297aa1f0c80

    Download Submit

  • \Users\Admin\AppData\Local\Temp\732.tmp
    Filesize

    44KB

    MD5

    5b55d9fdb7d6a3f4780f45695cf94e36

    SHA1

    76524a912cdea70ff310d766c2878fe0c171a700

    SHA256

    d1b2bb8ac3a4bc28919191a620b5ea9800f67604b8c2312dfe28fa7360a8d9f1

    SHA512

    bce14b9d3489f21dc116b5e75d22da199f858fa669ed3c0fa9cf836d51e58384912adf561db1450656f37a9e1b0bcb968b74c0e324b95ea334ffae65caa31219

    Download Submit