Overview

overview

7

Static

static

3

2024-01-11...ia.exe

windows7-x64

7

2024-01-11...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe

  • Size

    443KB

  • MD5

    db948133d3f0a82141713164a8014bf3

  • SHA1

    580aac3a69cf93ccdb51d2f3d2156945917363c5

  • SHA256

    84ce821dfd166b2e901a844350cc8ebc7a1011642ed2dc559142b2ecadae159b

  • SHA512

    86b7aeb0e1f34d4a3d2cda1a5766c590047cba07c2b721f36197b3f67863f5d39a6c88b1672fcdc051ce06db0eec3047eb791cc5957e294d8082521a0f0ed88f

  • SSDEEP

    12288:Wq4w/ekieZgU6YHvbKDeDTR2Be/8iUHbGlMa:Wq4w/ekieH6YHEecBeVUHbGP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\Users\Admin\AppData\Local\Temp\9CBD.tmp
      "C:\Users\Admin\AppData\Local\Temp\9CBD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-11_db948133d3f0a82141713164a8014bf3_mafia.exe 759D7B82250F7AA44792F0FC43812C5A0534C13815147E273AC368451B10321CC91BADE3FC832E91978F7D90CC6EB37D33326DA9B9645F4C44F5836790D1C788
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9CBD.tmp
    Filesize

    85KB

    MD5

    668aa043f8b9d57f9c51172c23ce2d50

    SHA1

    85c8b1612807ca230543c3e155f5410476263fee

    SHA256

    746a33a0c6db4d35f43f8586dbd15d16ebc79160f13839d63aa261eb39a5fc75

    SHA512

    6fbf7fff9deded775bd3963599e3a34c821ec706918df3194538e73152d3e4f0a7f3d2089cf34630b137d1fe1a999b6f5ab22de166009f94a6345df95d19a07f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9CBD.tmp
    Filesize

    35KB

    MD5

    e787aeba6e62a50ec2d8f707442b4a4c

    SHA1

    8f16db7a2860abd437a5475b31ebbd2095134b39

    SHA256

    0b76ea2e81cf02c62657e35bf6b511b802009ffebf93018d74b02b3a4b9eb291

    SHA512

    3973734c7f74a3debf345d9674f1f141f52f3a0a62a842834b5292f501ac80dcfa4cc8fb56af2391f2ff880bb17992ea1bbc7af8f18958db061d5f36010b7ae1

    Download Submit