Overview

overview

7

Static

static

3

2024-01-19...ia.exe

windows7-x64

7

2024-01-19...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-19_e69e8a8b45e24d7370c492940b8311e4_mafia.exe

  • Size

    444KB

  • MD5

    e69e8a8b45e24d7370c492940b8311e4

  • SHA1

    cfbc1dd5d6e859cb6db19f7af2735a5aed483e11

  • SHA256

    2851cbb7e478021ff250e562c6ce8b7e30e93825c91b9f753caabf9343292c8b

  • SHA512

    d7e64e7ff405a3a14d4812768282ab6e025f0eb8c73b45b17da5b41ef5d79009f3196d159f8c696c733519d3239fcc89b377901f5bc844c87a16133f6d11a603

  • SSDEEP

    12288:Nb4bZudi79LcBD7erwKxVvieD1ULs39vS4CIFgA:Nb4bcdkLi7YNvv1f39v1F

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-19_e69e8a8b45e24d7370c492940b8311e4_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-19_e69e8a8b45e24d7370c492940b8311e4_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\F0E.tmp
      "C:\Users\Admin\AppData\Local\Temp\F0E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-19_e69e8a8b45e24d7370c492940b8311e4_mafia.exe F9B5B372562CD4B6E4CC6FB0D19A4BDEF2F2C015C55AA944EFFA52A5458CC88296B70BC245682DD866121DA79920CA2B7D79CBF8ADB347F97A9085BCC67EAA5E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\F0E.tmp
    Filesize

    114KB

    MD5

    47e13783fed82dd0ecc6ca39daf4cd09

    SHA1

    9cde5b85c369ac5f3c6cbf8bdda861443a9d9f9f

    SHA256

    05a7e4e5a9fdc5ee62d41a78aaaa733b638f3a2f1e1c8ca18da46f94fc110403

    SHA512

    93919904147c45ed4f70118371f840e0b730261181b7d3255b17b7dd0891498a60a3eff1ec0be55d0a6fe8db7ae699d72518cf16b5560cdf5788d62ce8e5a5fe

    Download Submit

  • \Users\Admin\AppData\Local\Temp\F0E.tmp
    Filesize

    220KB

    MD5

    15c491a36fbe0d678c75771d4ba07eb3

    SHA1

    4175498eb7aea378022036aa9200fcaaf905691a

    SHA256

    5d86085941ef4892dff3981d4168292da447b9f865a9d73576f1abb0d3e81dd5

    SHA512

    a52bae2eb2b99711cc70333dddc5ced6f35699c92314eac679e40cd5253290d015f66fc4318cd3712eccc639cd1be59ca242266fecaa52893af10b20b40effcb

    Download Submit