Overview

overview

7

Static

static

3

2024-01-23...ia.exe

windows7-x64

7

2024-01-23...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2024, 19:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-23_4c5e5aa78ac9bb1576c3d7fc70125f1e_mafia.exe

  • Size

    428KB

  • MD5

    4c5e5aa78ac9bb1576c3d7fc70125f1e

  • SHA1

    7dd1e63741499bbce568b7dcd247ce9730cb6ed6

  • SHA256

    2c24584783e1bb19d4e7a3bc35a0ef28e5ed633d0c683ee0c996fec321afe1a9

  • SHA512

    c1968786bb162d0d180588d266b8855056687b6e634909054a6dc6687cc25fba4d6176e778f0c16f0b37d0dfbdf32629c76de022c8f8626c55de5af26c4fd53d

  • SSDEEP

    12288:Z594+AcL4tBekiuKzErDNhv9WxbswZAr33Slxlgkl:BL4tBekiuVrv9Whsf3uLgk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-23_4c5e5aa78ac9bb1576c3d7fc70125f1e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-23_4c5e5aa78ac9bb1576c3d7fc70125f1e_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\4588.tmp
      "C:\Users\Admin\AppData\Local\Temp\4588.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-23_4c5e5aa78ac9bb1576c3d7fc70125f1e_mafia.exe 2A09537970E0222E89B0AC766878C1355E08FEF42368E1F1E9E13B97A097BCE564EAE166E39806417362E726F181B3EFD0D155A7BBE0FEBEA95708A17084274C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1948

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4588.tmp
          Filesize

          365KB

          MD5

          a25eba8be4ea3578749e2ef9b7a05de5

          SHA1

          d5c9e3ad6a392499a212675f4c46d670e0c2e873

          SHA256

          2f9adcdab2eb29e8ec6e4c1630b9879dba5351bed70549fadfef50148bbbfa5a

          SHA512

          6861c1994cba4a9fa9719f3f8289a9516b66fba362b417034316527e3694b086f279a1bfaba628c6b9c5bcb8d4ddc790d55ad8655daa71d2b8585edb5bf56e72

          Download Submit

        • \Users\Admin\AppData\Local\Temp\4588.tmp
          Filesize

          428KB

          MD5

          7bcb74e5fa3add2de3722791e43325e7

          SHA1

          270bd19b19c8580b4a7a5d8ca4748be1aa81f146

          SHA256

          ca638a0a218f1a95ac508bea6daf50eeb5d40285be3a01731bcd78abf2c11db0

          SHA512

          40925173d279467021cbfce47336c023addb0f48b0318c9a138b09f699ba53d5c1abc4a2f1cb9a6087651a5047a5ea15ee49070127a6f162ac88943cc767d257

          Download Submit