Overview

overview

7

Static

static

3

2024-02-17...ia.exe

windows7-x64

7

2024-02-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    17/02/2024, 15:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe

  • Size

    384KB

  • MD5

    29ab14f680f4a6a6f46ec11b4d632d0d

  • SHA1

    cc72d5c4cf135f4834c53f6a6a2cf5f5ebcd5ef4

  • SHA256

    5eac441e26c74afdc71f98cc701a71b60f31c95c520cf6b97342451c16cc1a9d

  • SHA512

    fdb36bf45598e10dc9fc37d1506c3ec40ad82fedc3ddb126c98f71a6d2f683954f887c3133b73b4b9e10fa69b70aea32762498b0062a1db9098e74d641de2fad

  • SSDEEP

    6144:drxfv4co9ZL3GBGgjODxbf7hHyWVuHSvONFnK8OUYKt90nblDkcPPttSrpZ:Zm48gODxbzgWVuZtnlC+OPopZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\D0B.tmp
      "C:\Users\Admin\AppData\Local\Temp\D0B.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-17_29ab14f680f4a6a6f46ec11b4d632d0d_mafia.exe 3D39EDEB97F613AA78079E8638F964E0B4F513FB2A74528401C5CC792B62AAADF63FE8D7B913D23CFC5CC1A6920D546D9C6013B7B0AE4D0FF7698A5E654EA396
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\D0B.tmp
          Filesize

          145KB

          MD5

          54a4c506bc723a26e59198417a959ba1

          SHA1

          4c718c6a3496fe0dfd4ac54b2bbd867a468bfc8b

          SHA256

          50b3ae1f31cd2b87ddc3a2b68edf713d64d2d6c6dff29efe80e0ad24509a1036

          SHA512

          083f0092b2439e7cd60d5d4d351c022b26a281780eaeefbed322682001882d8802b3468750b473cfd5cd8920f48cfdb94bdd1dc234bf2365a1ed0735a0d424c4

          Download Submit

        • \Users\Admin\AppData\Local\Temp\D0B.tmp
          Filesize

          174KB

          MD5

          803f97368f7c9e0f1438a560983ee83e

          SHA1

          4be90325ef33ac9a1bd4137b3ebdd470448ad564

          SHA256

          ce09d24c17e116055ccec95db235089749bf9ce0ea47168566ab8b406bd1c62a

          SHA512

          a5c7c2cb2be47cdcd7d44739b01c8c96689ac741c4360b017dda9c75c81f3a9df62057a81e8e6ceabb88ab4dbe69f4046cb6ee2643f6f5a4df0c4bfeda46077e

          Download Submit