Overview

overview

7

Static

static

3

2024-01-23...ia.exe

windows7-x64

7

2024-01-23...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2024, 19:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-23_de77c940766b6654de1dc9cda9163232_mafia.exe

  • Size

    476KB

  • MD5

    de77c940766b6654de1dc9cda9163232

  • SHA1

    a23bb6cbf2f035ea6747cd75c8e194449eb65ff6

  • SHA256

    76f6ceb3d6bb3ce7246c742b120967b1d56cefe5d8c1cb18860f57101e60f3bb

  • SHA512

    8151d98c2bd56e9b97afea16c74800f85b0d28a7ed875aa75723acec7ef9d96ab38072ecc603a5830eadddb25e603df006aaf8263103282760d8d04d2f37d2c2

  • SSDEEP

    12288:aO4rfItL8HRzwCuBBWGMD0LEYZcp8v7K9wlsDpVFd:aO4rQtGRzfcYMEYZ3+9wlsDpVFd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-23_de77c940766b6654de1dc9cda9163232_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-23_de77c940766b6654de1dc9cda9163232_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\14B9.tmp
      "C:\Users\Admin\AppData\Local\Temp\14B9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-23_de77c940766b6654de1dc9cda9163232_mafia.exe 81CD07CFDD80E3762FD43B9D15BC66B04E293E5543902625ED806872E55A62F2FE2AFBEBB3E722AFA16A2F57979D853D81AFEF350350561AB1DF450FBFE5C4B3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2424

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\14B9.tmp
          Filesize

          85KB

          MD5

          4d008b8845b02aed64784258f26cfc7b

          SHA1

          ea18fbda1cb5709c5513b4343fe8205e5d424cd2

          SHA256

          74589a7d0e33888c5aea712b1b188b7932959c566bc5d3f98cc88148370783cf

          SHA512

          b6b11ddc22a9f4495aa45664fa67674b6ac9ce11135a36ecd7cc315f4e9567b783e0ec1a4a49410a27518c4f1e515e3289bb35dc9a0b4f3fa3bf638a29818a97

          Download Submit

        • \Users\Admin\AppData\Local\Temp\14B9.tmp
          Filesize

          29KB

          MD5

          f1dcfa92fd4a31aa7bc9741c05629e91

          SHA1

          4c7ae18ca5467bcc92ebdf7dd5941360c62a05eb

          SHA256

          e0151f54ecc14349b6808446c316e0d3eaf3a34a5f004a842816409141265d8b

          SHA512

          7c6c0e4ea2cbd4a19446ab2be64c1ae24e97b05698477887ad04b3fd6d12dd98f713c732304986d05d814f5c1ac52439a201627af414bc707fbdcc7ef9b099bb

          Download Submit