Overview

overview

7

Static

static

3

2024-01-18...ia.exe

windows7-x64

7

2024-01-18...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_e9d055f5b79a1efca253cc86221f7db4_mafia.exe

  • Size

    433KB

  • MD5

    e9d055f5b79a1efca253cc86221f7db4

  • SHA1

    35cc6809738a8f9ba62593ec371e4354dc909e6f

  • SHA256

    f48cbc41d68a415f34f7970e1959429d39edc8ec8b6e9335869b95b4046a877c

  • SHA512

    85cb87c97bdae88bc9cc4110e450227d2cee4ccfb33564b365587454189267dc9db92edcf606714ac48937da286e7b1fb0dc480f0d6696795f0863d40fbd75f4

  • SSDEEP

    12288:Ci4g+yU+0pAiv+OqyeDDMhrkJQJc+MlQ7An:Ci4gXn0pD+ryeskscZR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_e9d055f5b79a1efca253cc86221f7db4_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_e9d055f5b79a1efca253cc86221f7db4_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Users\Admin\AppData\Local\Temp\6B5.tmp
      "C:\Users\Admin\AppData\Local\Temp\6B5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-18_e9d055f5b79a1efca253cc86221f7db4_mafia.exe 9BFBCDFD2FEA4E5848E55B62B77841099E8884F0EC6D3AAB99147B5A32B51D9C6946E410E72252BF9567197A11DB788DCC967B0AE6727EC501C392F8DE275A38
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6B5.tmp
    Filesize

    131KB

    MD5

    8ae4a170d942499d5711d13913abba7a

    SHA1

    302fddfdafdf6f7f7729d7ebb905eea6b7e316de

    SHA256

    689ef2156b5bf75248257cb083e260f432c4668bed0def3e964456908da1a599

    SHA512

    a7aa1bb6272c8882b9d3e7334db6df655f32d3e508b3b716dd07a9fcadaa4be3d62a65e5cbefb992bd8f8dcb3cafdd40237d12d17e380edccf1677c3e261205c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\6B5.tmp
    Filesize

    72KB

    MD5

    2fc747666a0b265db982130f040bf8a2

    SHA1

    fd154deba3177f2c6bdaca867258998bfb694788

    SHA256

    d9ef6fa40c1eaac5d98e2a27c855ac7fa05581e6bc17b12be16d07b0418ed850

    SHA512

    e4075535ead64a5d62f6789afe8fd05071448f855734d0de6b8ec563fe5d6aa87e1712bd0ff51b808fff5b646a33ff3783f6df34130a0b896d865e328cd93080

    Download Submit