Overview

overview

7

Static

static

3

2024-01-27...ia.exe

windows7-x64

7

2024-01-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-27_d838b78964e4515e4f11b67dea3f45cb_mafia.exe

  • Size

    444KB

  • MD5

    d838b78964e4515e4f11b67dea3f45cb

  • SHA1

    d2506ab82ce29b0b4bfb794672d3121e1fcb0752

  • SHA256

    baab1cf03747bf09aeebf7694171760f74d72532301171c931543225e848af46

  • SHA512

    74fd4aec5469e199f52943f9faa11f146d865b5a65681d9c64c4da79ac854d2fe0c5214ebdebed107e0a38f53fb4f766720d710d7f07186e9799a2031dff7182

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStaKayJ+i9xvwqWlUYUxh7wcKrq4lwXSA:Nb4bZudi79L9KaOv9mVmwc21LA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-27_d838b78964e4515e4f11b67dea3f45cb_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-27_d838b78964e4515e4f11b67dea3f45cb_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Users\Admin\AppData\Local\Temp\4A59.tmp
      "C:\Users\Admin\AppData\Local\Temp\4A59.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-27_d838b78964e4515e4f11b67dea3f45cb_mafia.exe 72497DE72E59A7F2862577BAFE14EE76B73582D7C5E8AA70EE14C9CCBB57677A43FE3A1F9C4745864D1C48A8BF847B185EACD2FA66128F1ED2F37B66C21A190A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4A59.tmp
    Filesize

    1KB

    MD5

    e9b7975788304001da53d0749c686815

    SHA1

    fe462bfeeca605b01cc49b3311f5636b2eee6941

    SHA256

    a6021a98f842ebc4d8ca4053e71316372db975389fb8b45c5345b4e92e781385

    SHA512

    ae97c65e495ce89837b6a2dc658902ee581ebc37865cf4aa8764c3c38ecb47e78b1e199beb8058a5feca9f0d1b8cfaa9bdb927a7ee03a6bed38b3aba90d531a6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4A59.tmp
    Filesize

    33KB

    MD5

    1241c84c0663eae4a785968fcdcafdb0

    SHA1

    ecb3e97bc1a9cd4dfb1a0157b9e51dcab29c104d

    SHA256

    a20c64a1f05a69e29e850c59e3a52ef5507556c49e89777a68744d5738884eab

    SHA512

    ddbdfc2a3c2c2522f741d0e7e62afba746f8020dab0957b8d60a73a272e78707d80d0541176f7830fc8576b1b0e72ffc184b7d6298cd296e8b65188b12009776

    Download Submit