Overview

overview

7

Static

static

3

2024-03-08...ia.exe

windows7-x64

7

2024-03-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 06:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-08_a5db5cd7e40d862cf5c16bfc941c4714_mafia.exe

  • Size

    428KB

  • MD5

    a5db5cd7e40d862cf5c16bfc941c4714

  • SHA1

    4a49b7c569d1e30033f3fc40543aabf6558c0659

  • SHA256

    63a6b97ae89632ff16753d2361b4e23058bfcc440e45fb331295297d18dd8b4f

  • SHA512

    e726462f3c081c21fdbfa0967272f2a17b708c0f9cabb2b8334473aee0ed2a60c789828a544065736cdbb2b3d2430d4397293af0339097054c82ac88995c13e2

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFWHAhHNPwDFycorEs3iPSdFooEPjUlHCjsqHR:gZLolhNVyEdgLQEFEsCqOUnqHR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-08_a5db5cd7e40d862cf5c16bfc941c4714_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-08_a5db5cd7e40d862cf5c16bfc941c4714_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\428C.tmp
      "C:\Users\Admin\AppData\Local\Temp\428C.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-08_a5db5cd7e40d862cf5c16bfc941c4714_mafia.exe 39CBC491C5CD61E7303FE0E609A376683C8DB22DE84D908527DB25E425177BE3EC07B534B6752A1F150DAF7CE832B909BFCE0860634178D5F71CEEE2B439C1AF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2860

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\428C.tmp
          Filesize

          42KB

          MD5

          9195d30e27f376145e5586a62fbde472

          SHA1

          49479556daa4c969ad5b04f4d304c34fcca3406c

          SHA256

          8300ccaf6fd09dadfd421d8312041fc668b292bd9c44d0c0feb081ed4946fab7

          SHA512

          75b4b14134bf5057ea4663471a18ba8b31293166a0173e0a2a4bc1e364ef07bbd9418fe4aee511fd4335968bf1600d3fad1d70c54c5b98b0cdf164eb7bb56841

          Download Submit

        • \Users\Admin\AppData\Local\Temp\428C.tmp
          Filesize

          91KB

          MD5

          5fd4a633e5b094bc84984fa5b033268f

          SHA1

          0b6ddb1a402fa9f9f751985a9eb631d7e0383c76

          SHA256

          b62e4f6364bd26c143167850a2682460eb36db0263bbdcd600be749520e6c3d3

          SHA512

          3bbde394ce454d3ca2c6fdbb8bc52a7733883c8d00d5cd4bad1849efde988ef6bebe20710117dc8e85284724b88230e7ac6a80557eed2df830f0c488c1c04db9

          Download Submit