Overview

overview

7

Static

static

3

2024-01-10...ia.exe

windows7-x64

7

2024-01-10...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-10_c66d08d91a3a15f2299ae2d9bd18a8fb_mafia.exe

  • Size

    476KB

  • MD5

    c66d08d91a3a15f2299ae2d9bd18a8fb

  • SHA1

    482c9701aeb5bf3bfc12060a7e56c2e717a64020

  • SHA256

    c0c7a57976ca5239af646c857c326a6a64408f23175710f51909ca2c1848b38f

  • SHA512

    45a2da36dc75ef3c5a719db273560be7fed00a0c7d4400e737a6d26bca26bc7e98c4dd39cf06877f1a21b92443c85bf689f53b792efd9fcfe2dfa0eaae9b6361

  • SSDEEP

    12288:aO4rfItL8HRcXd/BwK+ru1wax5gAiHLU7K9wlsDpVFd:aO4rQtGRcT1wah+g+9wlsDpVFd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\D69.tmp
    "C:\Users\Admin\AppData\Local\Temp\D69.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-10_c66d08d91a3a15f2299ae2d9bd18a8fb_mafia.exe 45EEAC1FFEBDEBA649E3BC496880962B36DE027B3A27CF1D2D912E84DA422BA6A73FDC16FF0E5DBCC2899EAB605883A5B5AA1A316C55C368825D7046AF7867F4
    1⤵
    • Deletes itself
    • Executes dropped EXE
    PID:2084
  • C:\Users\Admin\AppData\Local\Temp\2024-01-10_c66d08d91a3a15f2299ae2d9bd18a8fb_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-10_c66d08d91a3a15f2299ae2d9bd18a8fb_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D69.tmp
    Filesize

    381KB

    MD5

    ae8fd1f22350449d562dd8e3b5bb9c20

    SHA1

    358deb7dbe0557857b0be201c53a9a42d11c7aa5

    SHA256

    c5db90ce8d2ae7d2f4ca79edef586c41cc61202f60abc0cb86ee4a406527cd44

    SHA512

    8cf5951e63616febc9a577c072ac28cc25087bb5c0f6a6711b6812e8bd707343ff0537a6ea3d93dfe5a4e76ff69c7f459237fde43f9cb084edd2c55ebca19a85

    Download Submit

  • \Users\Admin\AppData\Local\Temp\D69.tmp
    Filesize

    18KB

    MD5

    e40043dc3b9a0692d0ee14d76a426314

    SHA1

    ae44501c28e31ff3b6604308930e8d043d860a23

    SHA256

    7f2255c8782ab5439eac7c7eb520268be0a52e86dac765f52ee5b8cc4085ce29

    SHA512

    618045940a9190c71d252cb17b99a48e065aa2704c7139e3600cd500d797653b10ddfc4661a277fba525f66e7144a35ee38ce6c39eb8c228b40c5a4e10d2d9fc

    Download Submit