Overview

overview

7

Static

static

3

2024-01-11...ia.exe

windows7-x64

7

2024-01-11...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_d5995a329ced734b29e3f87c62120c41_mafia.exe

  • Size

    444KB

  • MD5

    d5995a329ced734b29e3f87c62120c41

  • SHA1

    02805daec4b55c78779d8fa27cb4401e9627b74c

  • SHA256

    878000934a8d686d6da04287c6d7631c5f38dbfc839efcab27de595845bc4138

  • SHA512

    3aa5541b20c07da774d78768d782ef2a8d4abbbdb3cb105d13334e86a77c93939687b3ca3a972499fa43ed3a1b38b5490f8afee2b2376cb61cde8147dfd5dbf1

  • SSDEEP

    12288:Nb4bZudi79L21aDjWd5JOb1rXFHBAGvRA:Nb4bcdkLhWO1pHWq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_d5995a329ced734b29e3f87c62120c41_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_d5995a329ced734b29e3f87c62120c41_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Users\Admin\AppData\Local\Temp\B20A.tmp
      "C:\Users\Admin\AppData\Local\Temp\B20A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-11_d5995a329ced734b29e3f87c62120c41_mafia.exe 9D334809FB8688E4BAAE21CE5673B5A6AAEA6CC0F751192C20B5F3AAE31FC7BEA08BABCC5011CC80A51E282B46C83A0CADDB7F03EED549F55F81B4669538C97F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B20A.tmp
    Filesize

    204KB

    MD5

    ba66059bc449813da8734f4e43b4e215

    SHA1

    1d06d6a8bb680dcaa6a04987e79c8d7a2bc10d71

    SHA256

    bd1937af4f910cf2b706db10200be80fa9c093b6a45e6174d0ef88266180b04b

    SHA512

    14573bc8d581aaff8b501d8a359671ae71c76582a32fa510e8f799192502a4bb34e303b5cf529f62ca6779b02268293b38705353edf77a0b8b8bf25232234aa6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\B20A.tmp
    Filesize

    209KB

    MD5

    e1967799abbcc9368ef3695edb3617ef

    SHA1

    5af3427a4e9e62e876f30695e2b89b48d6fa937f

    SHA256

    27628ee1b64a4964e0951c514cfc552d955b283a86d166ac70ac613b565a54af

    SHA512

    9599905d7bdfd59a4a49ded3b2ef6ebbbeed6048f6214624721ce3aaf952858aca8570fb78c77e478a48a0a36c0adf43bf7cec73a8ffe1ea51f9702fb312dc54

    Download Submit