Overview

overview

7

Static

static

3

2024-01-18...ia.exe

windows7-x64

7

2024-01-18...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-01-2024 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_acfdfbfcdc7de55ba90662854b2dbaff_mafia.exe

  • Size

    384KB

  • MD5

    acfdfbfcdc7de55ba90662854b2dbaff

  • SHA1

    82f83cf1dcd2cc5dd4c1bdeb9f0d36274671d816

  • SHA256

    e262ec71c7051a1cbff5fcddfd6ff3b25524583b8c116ebe39303d491865e39b

  • SHA512

    5d6f3356cff6f62e2fffbc33a2d8295e90005474373e52ae8c0d470a3cc819ce4539c77320499ad6525fdefd0580ea463fd3e81850c83efca451b31f9a371732

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hH0Q7LHifxxr1O+9HQfW4nVcSnvQW+QwZ:Zm48gODxbzriplQgj4nVhvP+QwZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_acfdfbfcdc7de55ba90662854b2dbaff_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_acfdfbfcdc7de55ba90662854b2dbaff_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4952
    • C:\Users\Admin\AppData\Local\Temp\5091.tmp
      "C:\Users\Admin\AppData\Local\Temp\5091.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-18_acfdfbfcdc7de55ba90662854b2dbaff_mafia.exe C8415CA177273889A674FB98AD9F29F15D5695B9EE2685C3DCEEC37373CB03733686CD13487EB4EE341A085DF7B1F8E0D66FA3510CB926CBD932E6C0993EF032
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5091.tmp
    Filesize

    384KB

    MD5

    5f878dbdd167e35fdad23a416809a893

    SHA1

    c9656129ac4c2ca2b4b752dcf6dd79bbbe6be935

    SHA256

    28e05e7692e1527e1c72d4014f3d6b473226151f60e9017608b523b20af598af

    SHA512

    acc48b783938efeed6d5e82bafdf64bb5382e60d2f1de3f015a74f3dad2ac950fdc3bf0135b379dad0fe01af2f8c8f8965d3872e21e7219a9b9e29688c79af73

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5091.tmp
    Filesize

    224KB

    MD5

    d488c6bd8f2a8650eea82312afd8d495

    SHA1

    c486d7dc38464f0383c72a4cb7a896352c760673

    SHA256

    0b749dbe27ca8488251e1041439768fbe6024082defd4915ad6126d68454990f

    SHA512

    6233342b1b6767efc8801fef57ebca67dc8d8b7d7cedfa36aca67448787935587f84cc6c056dec8a7869baac67441c47753820e64734327ff95ce08f54438cb0

    Download Submit