Analysis

  • max time kernel: 94s
  • max time network: 123s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 28/01/2024, 12:45 UTC

General

  • Target: 2024-01-28_9cdeb439e4af837fe7684abcefdbe503_mafia.exe
  • Size: 411KB
  • MD5: 9cdeb439e4af837fe7684abcefdbe503
  • SHA1: 7f9d1fb53cfd144c44d35072ad1fd6b0d051f60c
  • SHA256: cfc9f502565b91ae81a4fff76f470b52069d7b7d0106e72c3cebaad5954d1b4f
  • SHA512: 0f71a91e3a7170b48b92467a11cb701651b9a5f89eafbb20a8fd5da2ef793407e5ee94473f8d153508eaf35a258db586c38a57599366c30d45dfcbe009dcaaa9
  • SSDEEP: 6144:gVdvczEb7GUOpYWhNVynE/mFaZHFEC4V5q1pi+2Cfs9t8D6PEouVPZWTFcZqHI:gZLolhNVyEZ/di6fs08OZWJcZqHI

Score: 7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-28_9cdeb439e4af837fe7684abcefdbe503_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-28_9cdeb439e4af837fe7684abcefdbe503_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Users\Admin\AppData\Local\Temp\AB63.tmp
      "C:\Users\Admin\AppData\Local\Temp\AB63.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-28_9cdeb439e4af837fe7684abcefdbe503_mafia.exe 1A12FCC89C09D4FD1B3A6C1DD5F629E475EDE5402DF75789EF6F8F54C53907A291F84691EBEE79A569CDA0CA2A814E1BE249C6A3C6583670E826E81D1D15FF66
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3136

Network

  • DNS PTR query: 8.8.8.8.in-addr.arpa (remote address 8.8.8.8:53)
    Response: dns.google
  • DNS PTR query: 154.239.44.20.in-addr.arpa (remote address 8.8.8.8:53)
    Response: none
  • DNS PTR query: 0.159.190.20.in-addr.arpa (remote address 8.8.8.8:53)
    Response: none
  • DNS PTR query: 95.221.229.192.in-addr.arpa (remote address 8.8.8.8:53)
    Response: none
  • DNS PTR query: 232.168.11.51.in-addr.arpa (remote address 8.8.8.8:53)
    Response: none
  • DNS PTR query: 183.59.114.20.in-addr.arpa (remote address 8.8.8.8:53)
    Response: none
  • DNS PTR query: 171.39.242.20.in-addr.arpa (remote address 8.8.8.8:53)
    Response: none
  • DNS PTR query: 18.134.221.88.in-addr.arpa (remote address 8.8.8.8:53)
    Response: a88-221-134-18.deploy.static.akamaitechnologies.com
  • DNS PTR query: 209.178.17.96.in-addr.arpa (remote address 8.8.8.8:53)
    Response: a96-17-178-209.deploy.static.akamaitechnologies.com
  • DNS PTR query: 180.178.17.96.in-addr.arpa (remote address 8.8.8.8:53)
    Response: a96-17-178-180.deploy.static.akamaitechnologies.com
  Connections (the Domain column is the DNS request sent to the remote address):

  Remote address   Domain (DNS request)           Proto   Sent   Received   Packets sent   Packets received
  8.8.8.8:53       154.239.44.20.in-addr.arpa     dns     72 B   158 B      1              1
  8.8.8.8:53       8.8.8.8.in-addr.arpa           dns     66 B   90 B       1              1
  8.8.8.8:53       0.159.190.20.in-addr.arpa      dns     71 B   157 B      1              1
  8.8.8.8:53       95.221.229.192.in-addr.arpa    dns     73 B   144 B      1              1
  8.8.8.8:53       232.168.11.51.in-addr.arpa     dns     72 B   158 B      1              1
  8.8.8.8:53       183.59.114.20.in-addr.arpa     dns     72 B   158 B      1              1
  8.8.8.8:53       171.39.242.20.in-addr.arpa     dns     72 B   158 B      1              1
  8.8.8.8:53       18.134.221.88.in-addr.arpa     dns     72 B   137 B      1              1
  8.8.8.8:53       209.178.17.96.in-addr.arpa     dns     72 B   137 B      1              1
  8.8.8.8:53       180.178.17.96.in-addr.arpa     dns     72 B   137 B      1              1

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AB63.tmp
    Filesize: 411KB
    MD5: 9b8085fe7dd64283c6553cca58f0fbd6
    SHA1: 065e1cffbc382e8b83821f03e77d6ec09f0e0b4d
    SHA256: bf82ecb68352a307e856b554cb023698ac67586cabfc11a62ef930dcd554dab3
    SHA512: 01befe8d88afb263d6fcb57800d59be399b7cdcda7b7f4e7d8fdd92352df84456d361ac599cf1dc5c3197eeb7f9d1f670fc554a16ab790128fb67c27efc557c2
