Overview

overview

7

Static

static

3

2024-01-28...ia.exe

windows7-x64

7

2024-01-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2024 20:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-28_bd0a5fb1e9524977f1933429a30b2707_mafia.exe

  • Size

    443KB

  • MD5

    bd0a5fb1e9524977f1933429a30b2707

  • SHA1

    69b5fbdbf8709d72cb6dc86b7a98dfd92798441e

  • SHA256

    ca75e6849c2894a3d8e587e11dedf1a9c491966e946e5dfa718f42cd2871bb92

  • SHA512

    af7b5e546df1dfeba549ca45c2b9c4af1e62bb64a23d3144fcb462137efda6d85c5f85267bd5fde617c30b007ce8a1efb96cb513c94c092192a56391a57d6f04

  • SSDEEP

    6144:Wucyz4obQmKkWb6ekie+ogU6BYk8SbN71KJB1jCstGYO2s93t2Vf84EAfFHGvlMa:Wq4w/ekieZgU6DR+BvA289GjEoFclMa

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-28_bd0a5fb1e9524977f1933429a30b2707_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-28_bd0a5fb1e9524977f1933429a30b2707_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\4318.tmp
      "C:\Users\Admin\AppData\Local\Temp\4318.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-28_bd0a5fb1e9524977f1933429a30b2707_mafia.exe 0E4A4946128081E048CE12F30A5264D769B41E8493AAD2EE9B9E2C785BB8531B51D124C345BC113B8EBFF117BCCD9FDDE2443B271BEB2F918CB5F9A1D327D39E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4318.tmp
    Filesize

    64KB

    MD5

    c17aab0a96f6b0d6436d6a09e5818e2b

    SHA1

    0a781d33fd0140295567e68185c4b90a1db62c46

    SHA256

    6dcdb85eb8075f95f71307036af3e948f8bbecf0a6681e599f368185da3a5eda

    SHA512

    486d597c166e969684bea733efe43afe8d0bc6c5ed3ccae8bea775c21e4aa97a675013b435087d8d0e55668dfbfe20dee6eba64c0a9ff233b4b21a69685fe202

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4318.tmp
    Filesize

    256KB

    MD5

    3256cfc92ab1447ae760e6a91df035a1

    SHA1

    54d9ba76b8835550523c48a6ca26edc1b20e69dc

    SHA256

    6d19acc723f448948423c97faa7c4d80f468e0441ba0d7c2710fedb7b5771b3a

    SHA512

    b387123cba2a317e261dae02b78ec61c5671ef78c3db48ad01fb5f312f459c53786073404104d4fb0368d45f27220100443f4e538485dabe32903b375d89fbab

    Download Submit