Overview

overview

7

Static

static

3

2024-03-09...ia.exe

windows7-x64

7

2024-03-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe

  • Size

    414KB

  • MD5

    636b415101765a58d97b405c3045a694

  • SHA1

    86f169a3e4cc6833fbbc57dd931f0d648edee2f9

  • SHA256

    80406c59f879f9bd2c9bbe9bd07fb863862804d686dd70af4cedcbc06611eb69

  • SHA512

    bbe89d47f0be092f837a390235b68086a3ee948a3f1c5d920cd0ec762345763bbb20e2ce8f0f64972cb0217e68bc87903eafeda220e6d63991a7f489727d5b57

  • SSDEEP

    12288:Wq4w/ekieZgU6/agLUP/usVXiTdL9u7UkyjIpl:Wq4w/ekieH6ig4PCZLY7Ukyje

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:696
    • C:\Users\Admin\AppData\Local\Temp\6099.tmp
      "C:\Users\Admin\AppData\Local\Temp\6099.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-09_636b415101765a58d97b405c3045a694_mafia.exe 164F10ECAEA583AF10BF1F3ECC0A8C7758ECE93E80D6862D34368B366A073BC389D29A34BED92998F5BC9597AAE8E2BAC1E774C83A441EBAB8BD3A9191E18562
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1332
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2820

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\6099.tmp
      Filesize

      414KB

      MD5

      715c45f8ad7c73e775e336a8e6434e0f

      SHA1

      009a24a4f6a932b27d953a1801219620876e67f4

      SHA256

      86ce7671cc2ee0144916c96b5717cb38ebea510d9b146c991be778dec5bc66ca

      SHA512

      6a8ead5f09093054c3c7392dfda2603b0bb20725dc4dc8b43c1e3044ceb49678448753fcf338050cd6511377ed4631cfcd24035518e19fa07b2197c524885889

      Download Submit