Overview

overview

7

Static

static

3

2024-03-16...ia.exe

windows7-x64

7

2024-03-16...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 04:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-16_0277ef76bde66cbe9e82c17f7fc65b0b_mafia.exe

  • Size

    428KB

  • MD5

    0277ef76bde66cbe9e82c17f7fc65b0b

  • SHA1

    4768f51fec7f338ada4dbb8bafc57a8a0d7c5ffd

  • SHA256

    0e5c45f70f93df07494d1e6ad56a1b587c18c1f6e136fc7678305f1d8ecd9e90

  • SHA512

    57a99488850ec06dfd70ea54ca2ee674ab0e6232172d2d8f8da3ce16f20dca27301cd2979673c113a6cfb5eb4cdfaecb2a2f2bb0e9d2c4129f47402c52539fc3

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFeVefItXMETvfKroHIvo3B8Mw+af/E/XPyqHR:gZLolhNVyEjAIeUvAQR8Mw+JXyqHR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-16_0277ef76bde66cbe9e82c17f7fc65b0b_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-16_0277ef76bde66cbe9e82c17f7fc65b0b_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\2F5A.tmp
      "C:\Users\Admin\AppData\Local\Temp\2F5A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-16_0277ef76bde66cbe9e82c17f7fc65b0b_mafia.exe F90A5D1665513DBEFCDD0FE3ED85E155C3E46F9BEB0E34F52374D9103611B58CC3CF3377AB5038331E18E4D85D5A02148A722458DF6941C7FBCE0AD3437C1310
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2128

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\2F5A.tmp
          Filesize

          280KB

          MD5

          0f104df86a99f48a97cb8448a503de5c

          SHA1

          d1b045bc0f404f695ae625ca4fa6e747c1ad3e40

          SHA256

          bc682582c2b53ef9cf1ca5237912068832e81b98a750178081602c1bf83c5819

          SHA512

          7bb8e13e6aff690f902bab3efd8eaa017b10413d0b930752caaa76618e577a4653e912b8f1b956ae61a2fe2d219d110459a4757514d6959b51bd276c6f900728

          Download Submit

        • \Users\Admin\AppData\Local\Temp\2F5A.tmp
          Filesize

          428KB

          MD5

          9969e11183192f531d67f774fa0adc29

          SHA1

          279bd8f30f48f98b2c88c9d7c7f40cc286a641b8

          SHA256

          d7515eb170f4776fad2499fc9b8d63fa3ac2fd8d0421dfcbe0fae103a573855e

          SHA512

          31a963faf767671ca5031c44ef79c9e6da3f58e00f35f1268aebf0389813487fb7561dc7b87965333cec0d0c4e2f31daa348e3d012d50c4e8f0a07639ea355f8

          Download Submit