Overview

overview

7

Static

static

3

2024-02-12...ia.exe

windows7-x64

7

2024-02-12...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe

  • Size

    412KB

  • MD5

    720e5b56510cedc4aedde330352fa878

  • SHA1

    7a3de0ac0d024bf5e3e9e45f8f783082db514964

  • SHA256

    69615f44a22bc2e2345ca6fb4d1c31695c3f7ff5ea28d9d88848b5039e887a86

  • SHA512

    6db4fb58ab412d206ca426c22234dfbf33f7fe3d13956e049ca10910197c390384cc95169b24718d1e0ce6ee6f46e325e53d3268acc995789074f147e491c02e

  • SSDEEP

    12288:U6PCrIc9kph5W8RtRIQDvbNb162f2s7QK:U6QIcOh5vRtRIQDvbNh2s7Q

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Users\Admin\AppData\Local\Temp\9FF7.tmp
      "C:\Users\Admin\AppData\Local\Temp\9FF7.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-12_720e5b56510cedc4aedde330352fa878_mafia.exe D4329B0BAB090CBA5D54950EB7ED797F8388C31781FB78297EBCC1DBCCDBA13439BADA346F388FFA4A4C6641396F0D533AE80A5FC4DC1CF195E69B98D8192784
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9FF7.tmp
    Filesize

    381KB

    MD5

    a1bfb1a2d62c21e46c81d15e99291249

    SHA1

    2bc9945378e35cbe8bf74b40caa05c62f1b382c4

    SHA256

    d46338d0dd4299e8924a4b0e8d9fe36979014610ae09cb816a01cb603c574d77

    SHA512

    2376f8ac47a51f4d2bab9f5e149defd8c1e3b4fcae0e899fda6add32b0f11e1cf3ea8ba1a7dc482d50a5d3d2a27a340253660168ddd7b9b9ec687a828ce73c65

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9FF7.tmp
    Filesize

    412KB

    MD5

    f578e5396d4efbe01ce9467a22ca9975

    SHA1

    3ebb611939b492304915ed6ed083fe66e36094af

    SHA256

    e0dfbbdafefbf928ffa922bc590edfa6d893c26d1cc34bc497587615b9422526

    SHA512

    5efecc43eaabe3ae41971761b137c57ee49e76c776a92584fb83d19c8975162a50562cb55a331d8ddcdd926391473ede866d41d036a64951e0ee42a85b6f01be

    Download Submit