Overview

overview

7

Static

static

3

2024-02-14...ia.exe

windows7-x64

7

2024-02-14...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2024, 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-14_8b80bb9c532c81b5fa1b7a0f91664fd0_mafia.exe

  • Size

    486KB

  • MD5

    8b80bb9c532c81b5fa1b7a0f91664fd0

  • SHA1

    478ab23156b47717b4d26135e563ead79e4a7dbe

  • SHA256

    0d5165f8a41cc7d885cdf123eb451056bbfe26de338e8784a1d4fd7c7ae7090d

  • SHA512

    d81a883e4418b09749e44cccdaa2bbac1eef90d21d4d8d44ee6b4e5d95555bc606a99e6d1c2a85da4576919b2f77ae4dd08b5708712ffe69d27f091e9d528492

  • SSDEEP

    12288:3O4rfItL8HPoCsqZIVCLl19OOVWB7rKxUYXhW:3O4rQtGPZsfmVWB3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-14_8b80bb9c532c81b5fa1b7a0f91664fd0_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-14_8b80bb9c532c81b5fa1b7a0f91664fd0_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Users\Admin\AppData\Local\Temp\64FA.tmp
      "C:\Users\Admin\AppData\Local\Temp\64FA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-14_8b80bb9c532c81b5fa1b7a0f91664fd0_mafia.exe D0CB312B8EE267E5AB8647A1601AEB17BD541E04A189FD27D94608BD1558F71D868E83F302A54EF7BC0ABFE305F15D097AB2332E8411EB9919C8E88B3857F70C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\64FA.tmp
    Filesize

    64KB

    MD5

    e6705a4809cde4771179db6153693d20

    SHA1

    be3c34cdf626937adf3b53208739167293c6377e

    SHA256

    20ab9e8e89fb2339b7a42d14db5a7a35650b68f16698532972da86898adc815d

    SHA512

    dc83dfa59157419d2b981c0cbf77e4252b0f4ad35d31259b86e0c43df3957f9bdd4c269f38597ff1e63e334c0ac333acd90e4cbf05a35692c0d6cfdb7919fd01

    Download Submit

  • \Users\Admin\AppData\Local\Temp\64FA.tmp
    Filesize

    128KB

    MD5

    ad6b31b36ba6ff6d5502a7007614873e

    SHA1

    309ac76466332d7dcc5423e3cc145d0edb47a05b

    SHA256

    d5f7b815241a653855840a97fc2a7afedd90e801949f0b8a7e60628e2732cc86

    SHA512

    1c5e00c54ca3e8931846783c9eeff69cb16d0c12d1b94a23ac2169090dc17b1451b2863f25a8f58c5bf53fe46b898bf1910acda0f9fc00ea3c3c668c4767c67c

    Download Submit