Overview

overview

7

Static

static

3

2024-01-29...ia.exe

windows7-x64

7

2024-01-29...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 04:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-29_15c233e23d1d051f3b1aa38213967ee6_mafia.exe

  • Size

    433KB

  • MD5

    15c233e23d1d051f3b1aa38213967ee6

  • SHA1

    d5dcdb21941953c7b9fdb32cb7ca871db9ed6e06

  • SHA256

    01ac46693e1a444e64f73e1f1a831b743e66c65b4f782009e102e8ef8e680789

  • SHA512

    80d199a50949f0958385198cfba4f8103ec1e76e923dbb2ccf4feb767abd006d539fc31ee83ed24dd4661f33e24f27d896a4461e478cc88fa95f02468637e9f7

  • SSDEEP

    12288:Ci4g+yU+0pAiv+2ZtRLppUun40L1ZuGchcn:Ci4gXn0pD+cTLpKHW1ZuGgM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-29_15c233e23d1d051f3b1aa38213967ee6_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-29_15c233e23d1d051f3b1aa38213967ee6_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Users\Admin\AppData\Local\Temp\82B7.tmp
      "C:\Users\Admin\AppData\Local\Temp\82B7.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-29_15c233e23d1d051f3b1aa38213967ee6_mafia.exe 470F93D8051451BE835073A556F59089AB8E0D71514DE59FB81096E148B3EA8AD2A49961731E3FD8D706DB8F68E08FCF2A416C38C8BE6CE83AEC6E99741C12AB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\82B7.tmp
    Filesize

    128KB

    MD5

    4d768fe237241d9eeadabd4d1eba5ea2

    SHA1

    7b853cc464398bd187c539455ae812f858bd3995

    SHA256

    a959e1d40f89101359a5684c26e8cde82d4205673c4df99c78a6e7d24b1e4308

    SHA512

    712cb2dc8e789dee92ede5e385589eabf4a92a5fb68b9ad980cbdf7b9e47d23ee8d3a9f4fa2ef89f733301baf824f13318402c74cfbf8a57591cf9468800011e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\82B7.tmp
    Filesize

    256KB

    MD5

    56a70d8b72eb50e17ceaf0999bdd0a18

    SHA1

    3f9873b867592082c6263667ccfb670709f79bd0

    SHA256

    c83cfa9e6925e69a3d30163ada3eda3496a101f94b8ba84ea9bb99d266662dee

    SHA512

    c8f10b43e44b85e9f4c3b9686b62f3b63ae82a9e79b1bc88d9139b1fa6bc913040dfb7c8a9719ee860aeaf35199bdc04bff6656011eb29e16d5cb8947606cea6

    Download Submit