Overview

overview

7

Static

static

3

2024-01-09...ia.exe

windows7-x64

7

2024-01-09...ia.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_df720c5113494e85b74e8af7c8f8d28a_mafia.exe

  • Size

    384KB

  • MD5

    df720c5113494e85b74e8af7c8f8d28a

  • SHA1

    c9d0a8c3aa2c7457f041fa2dafc097e63fe55384

  • SHA256

    bd8d0ce86cf3bcbc851c34526583979cd9a6f7cb74cee0d98348b5fb56c1a4cf

  • SHA512

    4f1f395561667885ff3d7c2c204438dae88d19870ba0670fbe4e715a50a69df423f814b856c3759f3b31f9c46ac534adb4026996c7071cc7834e037463f8927c

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hH5D4ZTImKQjIoy+fRbXETuiBou+c8Vo9Z:Zm48gODxbzbDEpKtOfaTuiqu+cWyZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_df720c5113494e85b74e8af7c8f8d28a_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_df720c5113494e85b74e8af7c8f8d28a_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:880
    • C:\Users\Admin\AppData\Local\Temp\144C.tmp
      "C:\Users\Admin\AppData\Local\Temp\144C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-09_df720c5113494e85b74e8af7c8f8d28a_mafia.exe E085BBAA768D3A85F98683C7B736DA9E371ED28518D1FD2F2F21CC03D506969FBC57812DA60A712F1D0DA7EC124CC8FA6E708292B1606C8F5530A22549DCB5F5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads