Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15/03/2024, 19:28

General

  • Target

    2024-03-15_1af0fe4c245054e64e1b07a50b645c92_mafia.exe

  • Size

    486KB

  • MD5

    1af0fe4c245054e64e1b07a50b645c92

  • SHA1

    9804a9b0d4ba62c2866fd196711c3bb057686697

  • SHA256

    7a435c6b13f6a29403b5446709bb8b399b0fbb5290fcf61e1e44b8e275c200cd

  • SHA512

    7001b265b492054623fa58161e4319de7395b86b8f3130d9fdeed57f37aa22486523fb86cdb515008bfd48b1b11d5df49f8119ded4dc9df00ab55a3f0cc3c02e

  • SSDEEP

    12288:3O4rfItL8HP1OXrcQNn46/4uh6beNaccxETB7rKxUYXhW:3O4rQtGP1O7jNVh0eNaJxEt3KxUYXhW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-15_1af0fe4c245054e64e1b07a50b645c92_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-15_1af0fe4c245054e64e1b07a50b645c92_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Users\Admin\AppData\Local\Temp\8C5.tmp
      "C:\Users\Admin\AppData\Local\Temp\8C5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-15_1af0fe4c245054e64e1b07a50b645c92_mafia.exe ADE18D5C1CB1EE38390612D4C1A59AFA6B479E5E206B8D3AA18EC709BBF2B0B1FA1EE1A353D0391FC0402C4837AFB92FE99D32927318A3851D309F3DBC212175
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:912
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1940
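The process tree above shows the hand-off the three signatures describe: the sample writes an executable as %TEMP%\8C5.tmp, launches it with the sample's own path on the command line, and the dropped process (PID 912) is the one that deletes the original. The following is an added example, not part of this sandbox report, of how that chain can be matched over Sysmon-style process-creation (Event ID 1) and file-delete (Event ID 23) records. The event dictionaries are constructed here to mirror the report's PIDs and paths (the trailing hex argument is shortened and the parent PID of the sample is assumed); they are not real Sysmon output.

```python
"""Match the drop-and-execute chain seen in the report over Sysmon-style events.

Two checks:
  1. A process whose image is %TEMP%\\<hex>.tmp and whose command line names
     its own parent's image (the sample passes itself to the dropped file).
  2. A file-delete event in which a process removes its parent's image,
     which is what the report's "Deletes itself" signature reflects.
"""
import re

# Constructed events modelled on the report's process tree; not real log data.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-03-15_1af0fe4c245054e64e1b07a50b645c92_mafia.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\8C5.tmp"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

EVENTS = [
    # Sample starts (parent PID 4 is an assumption; the report does not show it).
    {"EventID": 1, "ProcessId": 1528, "ParentProcessId": 4,
     "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"'},
    # Dropped .tmp started by the sample with the sample's path as an argument
    # (trailing hex argument shortened from the report).
    {"EventID": 1, "ProcessId": 912, "ParentProcessId": 1528,
     "Image": DROPPED, "CommandLine": f'"{DROPPED}" --help{SAMPLE} ADE18D5C'},
    # Dropped process deletes the original sample (Sysmon Event ID 23 fields).
    {"EventID": 23, "ProcessId": 912, "Image": DROPPED, "TargetFilename": SAMPLE},
    # Unrelated benign process from the same run; must not match.
    {"EventID": 1, "ProcessId": 1940, "ParentProcessId": 1000,
     "Image": EDGE, "CommandLine": f'"{EDGE}" --type=utility'},
]

# Executable named as a short hex .tmp directly under the user's Temp directory.
TEMP_TMP_EXE = re.compile(r"\\AppData\\Local\\Temp\\[0-9A-Fa-f]{1,8}\.tmp$", re.IGNORECASE)


def _process_index(events):
    """Map ProcessId -> process-creation event for quick parent lookups."""
    return {e["ProcessId"]: e for e in events if e["EventID"] == 1}


def find_dropped_tmp_launches(events):
    """Return (child_pid, parent_pid) pairs where a %TEMP%\\<hex>.tmp process
    was started with its parent's own image path on its command line."""
    by_pid = _process_index(events)
    hits = []
    for e in events:
        if e["EventID"] != 1 or not TEMP_TMP_EXE.search(e["Image"]):
            continue
        parent = by_pid.get(e.get("ParentProcessId"))
        if parent and parent["Image"].lower() in e["CommandLine"].lower():
            hits.append((e["ProcessId"], parent["ProcessId"]))
    return hits


def find_parent_self_delete(events):
    """Return PIDs of processes that deleted their parent's image file, i.e.
    the dropped child cleaning up the original (the "Deletes itself" behaviour)."""
    by_pid = _process_index(events)
    hits = []
    for e in events:
        if e["EventID"] != 23:
            continue
        proc = by_pid.get(e["ProcessId"])
        parent = by_pid.get(proc.get("ParentProcessId")) if proc else None
        if parent and e["TargetFilename"].lower() == parent["Image"].lower():
            hits.append(e["ProcessId"])
    return hits


if __name__ == "__main__":
    print("dropped .tmp launched with parent path:", find_dropped_tmp_launches(EVENTS))
    print("processes that deleted their parent image:", find_parent_self_delete(EVENTS))
```

Both checks key on the parent/child relationship rather than on the file names, so the same logic applies when the dropped file gets a different random name; the msedge.exe utility process in the same run does not match either rule.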

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8C5.tmp

    Filesize

    486KB

    MD5

    af5c27f6c086ba6b6d08af4bb59073b4

    SHA1

    d53e8c121fc1c8317881dd2b98abc565570dda51

    SHA256

    f02f01d38a9eeb7b4ae6d7b58a0778cf6aa1584adc5de3319433cf68da34ad2c

    SHA512

    79d8ee06741aca79905337f8b0c6d22c127d2584bf9fa95a1bea1895afc87bcea98da329a6fa513d7db7c8965df78be5436908e91c3ce9f454f8cf2d78edcfc2