Overview

overview

7

Static

static

3

2024-03-09...ia.exe

windows7-x64

7

2024-03-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-09_118511624f49e1385c5f20d3220b5e29_mafia.exe

  • Size

    444KB

  • MD5

    118511624f49e1385c5f20d3220b5e29

  • SHA1

    68516c0498afd587ab4a8a7d555f9039f9338f0f

  • SHA256

    de6b51d6b6f1422587595753d352148813e43221171005c5e72002e4292f52f4

  • SHA512

    e3bb213c291130dde80d4ee19bfdd578597b93292c1e4f2eae1274aeb7f66d1ae54f858d53392c43735415a2dd6d4318ae10c5a6eac77cdc0be0b17f83556bad

  • SSDEEP

    12288:Nb4bZudi79Lt6hjs9iyavGKdWr9VskZ6JA:Nb4bcdkLEcYhEr9O4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-09_118511624f49e1385c5f20d3220b5e29_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-09_118511624f49e1385c5f20d3220b5e29_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Users\Admin\AppData\Local\Temp\4D64.tmp
      "C:\Users\Admin\AppData\Local\Temp\4D64.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-09_118511624f49e1385c5f20d3220b5e29_mafia.exe 2433A3F1B159658EBDC514B37AE2DC3CF1CBD90A15C7985E6FCBFF9AFC2B4892A18694C1C08F301153C2560ED3EBB9D9D79198FD8D1897574DA7E34A88AC535A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4D64.tmp
    Filesize

    156KB

    MD5

    124750a60e7dd66fa95a7fe6e3d432b4

    SHA1

    756a3bd7ab08b030053b7ee16805baf1750e74f9

    SHA256

    fc7db81b5dd909ce7a23713f36fdf016579e55aae1f543eac5309f548ea4b213

    SHA512

    686ad9cd20834f2e9fe1d03e2de707a5e0d89ba99a5dd100b0dcd0d1ea03d8b39f97b1508d3fa14c6337b17329d97baaeaa7f181327b5fedb15896d6f666bef7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4D64.tmp
    Filesize

    48KB

    MD5

    6a8108c5c78d27e4ea64a6381f293f47

    SHA1

    785b40dae981e42696e6e620db97ab3daf26de1c

    SHA256

    ab146abb413f0cb566bf0b806df620ec96893cf99cbae24161508731d00a6941

    SHA512

    50ae24d1af14535d747645fcc911e32b195870f52be5af832e76542c6a2df8c69ed0a3052948f32ff6b1a2a6182f2e791bad4a5be97ae58b3851be546303475b

    Download Submit