Overview

overview

7

Static

static

3

2024-02-28...ia.exe

windows7-x64

7

2024-02-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 07:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_61344ef84974142eac26578e1745aa91_mafia.exe

  • Size

    412KB

  • MD5

    61344ef84974142eac26578e1745aa91

  • SHA1

    a7544ce35bcfea200da110b79ee4339bdd579428

  • SHA256

    b58ddd9f70072a8e7a5516f0f920fdd508b000ef3d9b5219478d3e5f9c996d0d

  • SHA512

    ee9e388abe11c33344053e4a416d74c39c5ef9f46e7efc1fa755747c3c4761abdfc6aa438d6a7354a4f7f5898cd4d9ed0e4a0503213480815f4b53840df2f5f6

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZn4osiQP8aqt9qXOyTZz2AVBK6T+tfdP:U6PCrIc9kph5DPq+y9zPNTmV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_61344ef84974142eac26578e1745aa91_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_61344ef84974142eac26578e1745aa91_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3504
    • C:\Users\Admin\AppData\Local\Temp\1CBA.tmp
      "C:\Users\Admin\AppData\Local\Temp\1CBA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-02-28_61344ef84974142eac26578e1745aa91_mafia.exe 6E03FFCB33800283C584F4178EBE2688F535E9E4E4336DB5B4173FA47FA4BD98CD3945D4B10F540B457AD6EA70936895082D96D7A7C12EFD3CC836056767903A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1784
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3592 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4268

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\1CBA.tmp
            Filesize

            412KB

            MD5

            9a8d4a60db588cb3b3952c6048cc6ec7

            SHA1

            65df55a6c158c88b0f840a1d783e9dc4f5a8fc5c

            SHA256

            d76bf42cda25809b4c1c41770a8f31a6c3f34c7a88ae3ce91c3379cb6bb645f9

            SHA512

            2996ac37f28c5326ebbf63ab4b5a808e3d0ab931ecce6ba41e09bc64f493a65e7e243c3428bb107654010ba62bce3ba92774152a971444e9deeecf38db5a3b9d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\1CBA.tmp
            Filesize

            112KB

            MD5

            f7c134b0edd5c8d86907eef74e499c36

            SHA1

            66dc98fe88c73db4fcefd8d901068314644676f4

            SHA256

            5fb51035a8cd64a190267dd638a8b85a77c22ca85ca1e5831b96388e72c1d14d

            SHA512

            105ed0cef85db665e45a8de098c00e70497d6e117764c0d3638450090aa6a1f6d4bcebc375db5f72699b12eaec00443eed5b373b9b8a0d750077a32a5a738043

            Download Submit