Overview

overview

7

Static

static

3

2024-01-26...ia.exe

windows7-x64

7

2024-01-26...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-26_492c4180b25270cf44b61b12ff4b14ba_mafia.exe

  • Size

    486KB

  • MD5

    492c4180b25270cf44b61b12ff4b14ba

  • SHA1

    2d27ddea1a4c3959f1dc29b11f27066609c181cb

  • SHA256

    322b53373877099e864090413b654243df11deeb7a113d06947fc7b8424ced6d

  • SHA512

    91d95f0f59f9e1f38e70d37361bb889183d56949e6b25dae7a64478058561ec6fd47b954ec3a197f517d33bf313c481e81b2023f231b44142d3c0842da4399db

  • SSDEEP

    12288:3O4rfItL8HPZVptUM1Hb+VbRLrTLurENd+7rKxUYXhW:3O4rQtGPZVptUM1KFLrPurmd+3KxUYX0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-26_492c4180b25270cf44b61b12ff4b14ba_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-26_492c4180b25270cf44b61b12ff4b14ba_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Users\Admin\AppData\Local\Temp\48FF.tmp
      "C:\Users\Admin\AppData\Local\Temp\48FF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-26_492c4180b25270cf44b61b12ff4b14ba_mafia.exe A5B54D0690D95A37215C5C48165FC92727EDB5258E0151383CA13968812502D120CD7500627B16A63E8FACE9E2400D6C01147067F784DAFBCD55F11D510200A2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\48FF.tmp
    Filesize

    295KB

    MD5

    5c49296303b0ec67fe772f9232159c5a

    SHA1

    a413e23c7e6e0bf32501459f6029ec0a3c6953ee

    SHA256

    a4ebf9ce9090c7da4b779e66c4f195de2737c0ef0e44f1d761e2e4ae90cfa871

    SHA512

    9c81fb61a63ca41fbd6dcc302129051337c1c41bcb3aa0de57770bacf97c3b8b9b40485fd1c535bd6807224fec8d2487f56165a84120cd4f4110f1667cd19d18

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\48FF.tmp
    Filesize

    423KB

    MD5

    b06b710694e50117ae703a6804d8cb56

    SHA1

    d8df7755b6103b37071b21faefe3dcdee14dd9b3

    SHA256

    c13794b8766c161b4783c3027bf662a64cf56e37ba1cebcc6e5fb7c9ad1e0d2e

    SHA512

    f05b36b99444b6a14a4b138eb6b37a73fc91c24762deb5c3e07be6789958ecd1ac530a6cf06c5c7b6ddc09db9a8acc2e7ad97e78392c16071fa6d1cfae108279

    Download Submit