Overview

overview

7

Static

static

3

2024-02-17...ia.exe

windows7-x64

7

2024-02-17...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2024, 17:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe

  • Size

    476KB

  • MD5

    bd97dff96636e4a80726e836f950a648

  • SHA1

    610a622e6d9db653a82899daaddbf0efd0812a03

  • SHA256

    8878f759d9c8e2cc2463d0ac42664cc6bf61869899d8e695bdca92e121183292

  • SHA512

    f17556a2f3022c3bcfd070d91bf67d27ffec459cf6eeb05392bd692f7d2065ce70eea1240da52bab76e2bcd92a01f572210106ed037e430c52ceec487c96e66b

  • SSDEEP

    12288:aO4rfItL8HR+0QEPjQCCG2K60quFwi0koIV4Q+7K9wlsDpVFd:aO4rQtGRrDPj3g7CkkoxQ++9wlsDpVFd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Users\Admin\AppData\Local\Temp\A9EC.tmp
      "C:\Users\Admin\AppData\Local\Temp\A9EC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-17_bd97dff96636e4a80726e836f950a648_mafia.exe B222CDDB47DEB59FF0A17D64C1262EF0D67BEFFEFC064197CA0EAEAC86D364998D6528AAC5F70ACC9FAA3E892C52DC4D27E730FDCF11EAD6AD4FCF40F843A937
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1636

Network

  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    202.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.178.17.96.in-addr.arpa
    IN PTR
    Response
    202.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-202deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209deploystaticakamaitechnologiescom
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    178.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.178.17.96.in-addr.arpa
    IN PTR
    Response
    178.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-178deploystaticakamaitechnologiescom
  • flag-us
    DNS
    171.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.117.168.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    202.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    202.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    209.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    209.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    178.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    178.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    171.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    171.117.168.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A9EC.tmp
    Filesize

    476KB

    MD5

    00b55b1491a89c2022e3cfc59a635877

    SHA1

    7ac69b4d9101a2d75f919083f7153fe04e178751

    SHA256

    af50de44ffff92787b6f1c6d6358408301b722d63adf75a615ec16753098cfeb

    SHA512

    e8e55dfe73a6ba975f1d928da6b17f129aa5e87c6d70ff400dde5caf1837bbaec11314a414bd8431711fd0771f6fe83781bcc52f53281eadaaa329035e3b00e6

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.