Overview

overview

7

Static

static

3

2024-02-03...ia.exe

windows7-x64

7

2024-02-03...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 05:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-03_e969a3db6e89076ef13d3819ce9d9f59_mafia.exe

  • Size

    412KB

  • MD5

    e969a3db6e89076ef13d3819ce9d9f59

  • SHA1

    f243c600a43581530c23af1ff746e284c849fdf4

  • SHA256

    4f4aa791045f7255c0949a892766612abb5848cc709b3dd29dbcc7c2839d3a98

  • SHA512

    2f0dac6e292ff79a25b3e2f5636e7b862e849ea2b6f3a3e7d58e22ee13e00dd96221786172125f2b8e4dd3f48a496aabcec9be59b7290b34b9b77818a2cf709a

  • SSDEEP

    12288:U6PCrIc9kph5H+Hr4i50cZcA3EVTHw98:U6QIcOh5aUcZ0T

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_e969a3db6e89076ef13d3819ce9d9f59_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_e969a3db6e89076ef13d3819ce9d9f59_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Users\Admin\AppData\Local\Temp\648.tmp
      "C:\Users\Admin\AppData\Local\Temp\648.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-03_e969a3db6e89076ef13d3819ce9d9f59_mafia.exe 2004C83A1CA6F57A19ACC7147DA9371EF1775CFF0972125B0F205BEE9A765ED357866189266F835925836A28779E471B25E71E9011C3AF144A8B1D994BAD452E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2220

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\648.tmp
          Filesize

          192KB

          MD5

          215871bd17d3c6843f97d59d4fe26203

          SHA1

          d446eb864dc39f8190eb259d1b6c03e1e35ada88

          SHA256

          8cbc04dd93d79c4d562af04fe1a659616e036796d744db1fe30ac0287d04e25e

          SHA512

          f28cefd5afbd9b14ff5fd87f121b72e8ba3113d08ad2553ace033d0a911dab511ffe4f2762922683adb9a8060831e396492ed8e619ce2cf9873500e840eb1106

          Download Submit

        • \Users\Admin\AppData\Local\Temp\648.tmp
          Filesize

          384KB

          MD5

          59c10db06f10ce5d5216b321bba04580

          SHA1

          841d07813633fc931a4572333363af70c4138fca

          SHA256

          389682737c24c31822dbc4daadf15dc1e964d60cce268d12e52bca55e3916c95

          SHA512

          7ed59977ab949bd0b2eb18ccf7ba17c727fca192305449493fd395aed7dce8f6671d46b51eb47cbbd0ebccffa3c881542d5e8bc44d922fa5e3f67f1ea11d885f

          Download Submit