Overview

overview

7

Static

static

3

2024-02-03...ia.exe

windows7-x64

7

2024-02-03...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 08:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-03_74b4e295e65275e5b1ca56e58994d057_mafia.exe

  • Size

    473KB

  • MD5

    74b4e295e65275e5b1ca56e58994d057

  • SHA1

    587e6e100867bed5052f7fe337d902bf995eb503

  • SHA256

    4b4768db44d3f50f7d7554a529811c56e2bf899179a50bd1388b61dceab1b9e0

  • SHA512

    b99315a5093fa44b1d7011eedb1865fa0fc727e98db49125ab4c8d20a198d7e86f72fb434a36f0bc433e01285a22a93a052deeb09984b492f221caa4901ebd41

  • SSDEEP

    12288:Nb4bZudi79LZJABjs9brUciQz8oc6/cA0a:Nb4bcdkLLMjarpAocen

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FD9.tmp
    "C:\Users\Admin\AppData\Local\Temp\FD9.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-03_74b4e295e65275e5b1ca56e58994d057_mafia.exe 16A3554A314213FB822F6B574E13FC32C904985BED8D35FFD496508F6A715D5BB1834805FD5CC3A219CE39B7342255EC9D1B016737E3E01EFC117C5D844C8186
    1⤵
    • Deletes itself
    • Executes dropped EXE
    PID:1792
  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_74b4e295e65275e5b1ca56e58994d057_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_74b4e295e65275e5b1ca56e58994d057_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2672

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\FD9.tmp
          Filesize

          418KB

          MD5

          b5df03816de1debaf9538239f7f364c1

          SHA1

          238a48f729b3c49a2adc7128a934f1984ce7b656

          SHA256

          b2802cf9647462b0f86eedca72dd1f0ba5a15eb51e7d6d1d8ad1ef604376b59e

          SHA512

          952889bd7c385ac343c0bb36eaa474f09360644beee605e4cd87c126cc8e1569df981d1ed64147195091ffed30419b06e1ba565d51293ce23755348ded9a4426

          Download Submit

        • \Users\Admin\AppData\Local\Temp\FD9.tmp
          Filesize

          420KB

          MD5

          3148900027773fda3d696afc123927f6

          SHA1

          2eec8680e896f971a048058431d5d82583eefd31

          SHA256

          198ceef8ae17bd7aabb2d8f0ab14c823342540eb9b99b8e8b9c65f0ece0c7715

          SHA512

          23abad01151c868eea395eaeff950e844b55fa7ac8dbccb91e60b8ff32e754f3affac1591c0905bc9d8c4b667b6e81fd267e54f70cf3dd0ffbbd0638d550f8db

          Download Submit