Overview

overview

7

Static

static

3

2024-01-11...ia.exe

windows7-x64

7

2024-01-11...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-01-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe

  • Size

    443KB

  • MD5

    db948133d3f0a82141713164a8014bf3

  • SHA1

    580aac3a69cf93ccdb51d2f3d2156945917363c5

  • SHA256

    84ce821dfd166b2e901a844350cc8ebc7a1011642ed2dc559142b2ecadae159b

  • SHA512

    86b7aeb0e1f34d4a3d2cda1a5766c590047cba07c2b721f36197b3f67863f5d39a6c88b1672fcdc051ce06db0eec3047eb791cc5957e294d8082521a0f0ed88f

  • SSDEEP

    12288:Wq4w/ekieZgU6YHvbKDeDTR2Be/8iUHbGlMa:Wq4w/ekieH6YHEecBeVUHbGP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Users\Admin\AppData\Local\Temp\7E44.tmp
      "C:\Users\Admin\AppData\Local\Temp\7E44.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe A24FD07C846A27A0EC96766201C57847D73AF919B8B785BCA7759A212E2C3BA47553BA6FC6C80854F30BC4D4A4C6ECB6BE95DDC9A48530A7D11C8A0E4BF5677D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7E44.tmp
    Filesize

    322KB

    MD5

    50ea9c978d36cda6f72fba57b5ac81dc

    SHA1

    1cb973ef2ddd21bd6e269723ed4c126410cea7dc

    SHA256

    b84c8f06f129324d893985f297973f235ac2e18963cc9dbc6e8b17ffea13d580

    SHA512

    f9c6ac0b531de7a21b9ab823f7205c42424c92e8cb7589a3af7eac61c4afae5dcda258c4c1fbdd4c0987b2d104f25cdadfe90e65fb863b6bcd9b7c973158f856

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7E44.tmp
    Filesize

    290KB

    MD5

    220d9159257ab7ab3d78a3392af5e7fd

    SHA1

    7b9713f741579ea94122affbe8ab4d38bbc8f647

    SHA256

    b8a2b592094ec7322c2225ca0af40907517a9149dabe49b6e7d9f9841f50faae

    SHA512

    ae568b723bf68399316bd5163b1e08822f683db42397a5ac9e7bfdcb530e876ce8759da5e9e4e080d475bfff57970ede3340f7d51294b5c409ffdb91763f139f

    Download Submit