Overview

overview

7

Static

static

3

2024-01-18...ia.exe

windows7-x64

7

2024-01-18...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 22:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe

  • Size

    486KB

  • MD5

    13f8add5b68c9c4ca4b554245594a8af

  • SHA1

    579101af96c13d033de2e60c7c3ad96d4bf1c221

  • SHA256

    66240ee43f385075fbaebe4a3040b59209754c5c88d47a4e14aed26fb4dadf10

  • SHA512

    79ea7ddce9c56893d182c3d1df061f8a26c680da565ba2ec2c31d7a54c38b92170eb87ded1d5a837a0ad26abc5bd23d32ec4523d0b45408be9cadb5432d061bc

  • SSDEEP

    12288:3O4rfItL8HPPWPb1ryqd8izVta2AymwE7rKxUYXhW:3O4rQtGPPuHd3V82AyM3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1314.tmp
    "C:\Users\Admin\AppData\Local\Temp\1314.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe 333934D79C964C3BCC264EFA0ABA3DE1F626737D94019A7F946ADB17590FFC3905A53C79C72C1256F538F58F6AE96F4D0BB9C062ACE23AFA931B8E1E9250B475
    1⤵
    • Deletes itself
    • Executes dropped EXE
    PID:1248
  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_13f8add5b68c9c4ca4b554245594a8af_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1314.tmp
    Filesize

    1KB

    MD5

    55ffcfe00c9e88815d8867822c1bd0bf

    SHA1

    1071cd2ebde24dd25168321ac5463aba7fbcca7b

    SHA256

    cbd086a5a250d66170e3e7019333de1e273eb4c08598833388ed578ec2b82bd8

    SHA512

    54b9f4e1dabec2a7374bc3bfe6f25863367b5c4625866759618108847adb6def503bf8f035aae57dd4b169c8f282328badb6132fbe7dcc40c7235e66a3c96302

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1314.tmp
    Filesize

    75KB

    MD5

    da9379fb02c74232a8644a8efbb7d151

    SHA1

    d48ae77f72f10a4c480a90c42f1c40ee890be384

    SHA256

    70a12ec2b609fb4386a67386bf8b8bbc96890141ea0f1b41c96414017266a1f5

    SHA512

    95d550ee2efa9d3abd7e1824e7b6b812207c6210fff6f6325b7bfab4b765f72c59d0c4f047d614d2c61976d240c079259ed378add3264745f7d57fc4dcc686f3

    Download Submit