Overview

overview

7

Static

static

3

2024-03-07...ia.exe

windows7-x64

7

2024-03-07...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-07_2ea73117f69c15c1b2e4644b746f6e24_mafia.exe

  • Size

    444KB

  • MD5

    2ea73117f69c15c1b2e4644b746f6e24

  • SHA1

    ee4914244c357f4e3d9f2ed6f95632332183ed3f

  • SHA256

    51ae1e3326f3c9bf7dba0b59c39c464f8a810e375b82931647be3518e693aade

  • SHA512

    53c8ee68e1b954eca85a55d57a951dd0c1d9e6781db761985a6736f0e775990035b8b4a3dc391ae5081781f5bf5289db55d25fc78fb4c52bd7ecbe874acef11c

  • SSDEEP

    6144:fFrJxvldL4c5ONK1xgWbd1s79+iStbpzl0fOzpL8HZ4lfsSYM8Zdq/9QzjEuumS:Nb4bZudi79LeR0mOcb/9iAuiA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-07_2ea73117f69c15c1b2e4644b746f6e24_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-07_2ea73117f69c15c1b2e4644b746f6e24_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1136
    • C:\Users\Admin\AppData\Local\Temp\8FB2.tmp
      "C:\Users\Admin\AppData\Local\Temp\8FB2.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-07_2ea73117f69c15c1b2e4644b746f6e24_mafia.exe B5087D7E42078094B70DBE8176033DEB1A93233EBC6F313B9E8DC155A04878F8B2750D5D3CF1DB0EA1D413CECC7E3E6C8EFDCC10E697ADA3741382AFC046EC5E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8FB2.tmp
    Filesize

    140KB

    MD5

    e5682f46164f13d997ad38fc889bc2af

    SHA1

    61af760fd9d3cbbd1d8be022f6fd6421415361e4

    SHA256

    b9950350b24dbac37302daa83998569efb1659efa46994c7a5dc38819441cc96

    SHA512

    558ff0c1081b9f237535266e36615532fe01baa954ccc3b5090ff07131fcd54c07438998c67534f6dbc52528d736b5bb6abf8c9da27820ff1e72006ce915384f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8FB2.tmp
    Filesize

    324KB

    MD5

    f09fad0dd17af8b6456aeb6e02836d15

    SHA1

    7ce391b0633d4477e22c1c4551c675305764392c

    SHA256

    67ca6b9c4617ba5b67330cbc7c640788087cf2b7b8bd424b56e889ffc11009ab

    SHA512

    860a0c84ff3e3e94518183b8aeb54d7f03d5f2c48414c7a27bb69f1d87cb9e0687531677a3142fc58c7c3444e3f9b2724e6ebb1d6ee8137842353edfa7f88e4d

    Download Submit