Overview

overview

7

Static

static

3

2024-02-28...ia.exe

windows7-x64

7

2024-02-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 09:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_67d1ae004fae2a93774037f7bd759949_mafia.exe

  • Size

    486KB

  • MD5

    67d1ae004fae2a93774037f7bd759949

  • SHA1

    9f9735a6dc9a84f033e3a5100d5286bf9ce16a20

  • SHA256

    25ae2f0e3366ef2e4022f6c6e3d2995f66c711e39df74d5138f0f34709f3c276

  • SHA512

    3b7e7f5251990192ffcca4a1dab51490107788ff12c0182894221f5526064278c75ba68ed92252469a78c738ab30dbf67b4ff43ec0de270a619dc95ec7e72e23

  • SSDEEP

    12288:3O4rfItL8HPwxkairukg/OFiLU56Gcx7rKxUYXhW:3O4rQtGPw4PAAaK69x3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_67d1ae004fae2a93774037f7bd759949_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_67d1ae004fae2a93774037f7bd759949_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Users\Admin\AppData\Local\Temp\467F.tmp
      "C:\Users\Admin\AppData\Local\Temp\467F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-02-28_67d1ae004fae2a93774037f7bd759949_mafia.exe F10ECB95AC0FECA61D7AC5A52F0B8CF06362C6CC7DC3CECC9C4E69A445157127C93A55000E0725EF74069394F8D0D896078431A8A7A2BBFB3E06E37C8391D788
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2240

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\467F.tmp
          Filesize

          486KB

          MD5

          4b9f5a7603e6194e7598673ed57caf0b

          SHA1

          d840d6fc89d39eed97edd236e66543b2413f3e99

          SHA256

          48bade13e32caf7d7cb8be6c41beb8e8a932aae5718151e1b18f7bc8edfda921

          SHA512

          0317b5c38deb9026ec5f2bae9d8dc0dd190ac69aa9d5857b044dee74e7c4ad48f689a47f9e2bb8a9200f9cf5c0bdba8e9ca3a2a659d1d5127ec44a0687750ac2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\467F.tmp
          Filesize

          448KB

          MD5

          3ba2c0a85e0520a30cdc46d4cbad75ac

          SHA1

          c703d5023402124734338298e0e03357df76da41

          SHA256

          dfe4d66dd2bb4ff9f7dbd9cf0b060e9e09feb40e3ad9e649faa33ccaf83242b0

          SHA512

          e0598aa266553841c7b32e61b513303d320eabb8a7ef3acd6ac0cf68be1fb3526f1c4628ad7a7807837a751dd82d9e093d4b25ec273f08f09019032f503c2408

          Download Submit