Overview

overview

7

Static

static

3

2024-02-18...ia.exe

windows7-x64

7

2024-02-18...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 17:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-18_62bc7a4fd67b7e58e204c40d75e096c0_mafia.exe

  • Size

    468KB

  • MD5

    62bc7a4fd67b7e58e204c40d75e096c0

  • SHA1

    96b9a4c907461bc3d5b04acdac4eea79d855670f

  • SHA256

    03a9c173ba28b055d0f5ab225a70f8632aee54dd87a64c998dc6ddb5677e442d

  • SHA512

    3b44084d4bba03b0181354fac8c9e32dd84a13b8f432a86ad0730c29639177c3f2cc0d576cfcf0e79d114f652f448cd0b59421fe3216384889126bc43a5692ba

  • SSDEEP

    12288:qO4rfItL8HG99hR41i4/wzZKIHPEqigIqii7bWmeEVGL:qO4rQtGGvhWi4YZKIvWuumeEVGL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-18_62bc7a4fd67b7e58e204c40d75e096c0_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-18_62bc7a4fd67b7e58e204c40d75e096c0_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4724
    • C:\Users\Admin\AppData\Local\Temp\D62C.tmp
      "C:\Users\Admin\AppData\Local\Temp\D62C.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-18_62bc7a4fd67b7e58e204c40d75e096c0_mafia.exe 3B018C4AD8C1C5B19C31AFFC03E76C9FD87C7C3F1012A11220590A5C16401440CECCBE2DF4B939B60D3F8D70A48359E5463FFF76D5D1DF451DCB0BDC23853554
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3928

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\D62C.tmp
          Filesize

          57KB

          MD5

          86793f514c471694cc14e934c6fd25d4

          SHA1

          e877739b53993823877ebe982caa63e4fe961be1

          SHA256

          6f802e8b2be5ca2e8855b215b9d8318783476116c688603a84b25f1368e9b2f1

          SHA512

          79d8ab1f7c6db1bc0e536399b8065b15bda33b2e15a9e48e432d9828636024cefeb55fdd651e20a518b973d348d738aca3ac5484f0ae5a20703ffd01d43223e1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\D62C.tmp
          Filesize

          90KB

          MD5

          4f1b42543e2c51a97d302627925ad01f

          SHA1

          35038f687b98f70f24f6e1eeca3417195bf8ab9f

          SHA256

          18068aa5e23e033c934e2293d0b02741c930cd5b2407a87deeb9bd9ce48a186f

          SHA512

          dacb9913d25a72e0bd7a3c6fda5b76fb0501febfbf6d368499bca9fd0b7e4ca6b7d26a798a8a2fa50f9f5d16ca65ef3d6ff8a9d96ef442ef8d62fbc54c0bbf0d

          Download Submit