Overview

overview

7

Static

static

3

2024-01-25...ia.exe

windows7-x64

7

2024-01-25...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    101s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_e0f6be9ca07a4b8e1a868151399f9ae7_mafia.exe

  • Size

    433KB

  • MD5

    e0f6be9ca07a4b8e1a868151399f9ae7

  • SHA1

    85c535edb7347bb5b401696cc296e399fa890864

  • SHA256

    66bcf2c9008d8092ad823a78a280066a18af0546c768a92535b2dba5f82d4673

  • SHA512

    80f5666e8ba0129623662d754c5e42d667caef649f324c48c0c688429d52402241aba3def49a6eddfe390de409996ab77f6a7313cb5b58b20207f04b71bb43a1

  • SSDEEP

    12288:Ci4g+yU+0pAiv+kwFqk4gGUx6/mIQ1bDmN6pmZn:Ci4gXn0pD+5qkIoI8bDl0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_e0f6be9ca07a4b8e1a868151399f9ae7_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_e0f6be9ca07a4b8e1a868151399f9ae7_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Users\Admin\AppData\Local\Temp\5023.tmp
      "C:\Users\Admin\AppData\Local\Temp\5023.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_e0f6be9ca07a4b8e1a868151399f9ae7_mafia.exe B927ACB08DCF1302E21627412EE56A9ACF0F9A10DB18C1AAD1C4A9BF508FA3412DEE3BF679E21A7973F340BEA7D4225F42CE439623EABF2A0A888A22528B4C53
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5023.tmp
    Filesize

    106KB

    MD5

    6d6263275e571880e46d2b741fa236f3

    SHA1

    5185d7e4ad10503f025a1ce6ec8c58ea4cc782ca

    SHA256

    563c81f6ff5026f03cc865e63fd91e8c74ef5487c5b2bcdf585ff3a460a6c1a7

    SHA512

    e25596bb111e7132b161433dc7875a99e019cfe5f8892ea980f0c5edb98f11742eabf6e9e588685a18743a413a7464bc3640583345ab58001738258172f9e45e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5023.tmp
    Filesize

    119KB

    MD5

    30c426b08af84f9899f061966d64b9a4

    SHA1

    340177fed689f7eed42fe0fb32904939ec7ccc5b

    SHA256

    34b225d5ca15263a58db77a493d5ee352c7ce39f3be27671401d461babecd489

    SHA512

    5db62b4f07d2e83c32b50c8bd248909702172b2be5339a4fa6db1241c64ac0200dd902a83d4feb96c294db4464ea2e5d4bf5b328529146c93203db4a93cb20a0

    Download Submit