Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_0a6269d2fe1d164681dd2136ce51b32c_mafia.exe

  • Size

    436KB

  • MD5

    0a6269d2fe1d164681dd2136ce51b32c

  • SHA1

    2a6f80504a3b11ff288e34a06235783e732ba5aa

  • SHA256

    81b591e7f05f6561d1ab2a05e3e1f4833992cab40d5630eeb3d9e930b99e1eab

  • SHA512

    ca51403d0c1914674c820d7a8210d4c66a6c2f3c6ed8907408fddef83d1cfea9a04b76805894d2d254e232899dd302c1eef593d633215edc2bd236a050a8c53d

  • SSDEEP

    6144:a9EyS4oaxTkjxcW1Htg88HP7IxtrRmhh5Zi4TRuivRQCZioNYJTc8DGn6fIlmh/N:aO4GfBtL8HP0pyLJQCg4GTc/6fIlQ/N

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_0a6269d2fe1d164681dd2136ce51b32c_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_0a6269d2fe1d164681dd2136ce51b32c_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\3F1C.tmp
      "C:\Users\Admin\AppData\Local\Temp\3F1C.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_0a6269d2fe1d164681dd2136ce51b32c_mafia.exe 11D2F7400C98DEA2741CF32A58569580BD9E46F7B5ADC35A5FD29DAA352E59B29C771048D69C57B11B42B0F1887BAB8948C0FA9E9119DDC33FF6185A60683195
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3F1C.tmp
    Filesize

    436KB

    MD5

    c177e0b4f1bf372f76f5ac3609c98e3a

    SHA1

    9513d0432296440aa94572d9d8919c7fa5a50009

    SHA256

    3fce2e1608e9a3ef6e726210102e3459f9b6b52c3a1953a1970b43d82f034162

    SHA512

    e576c4bf4c1d5fe0565b79cdf8c94e3c213b5183a058e1deb3dd2b055855f397a9c7effd4dbfc6041641b6f38e56208df2fd24a23d500f0c194f575d75dc2877

    Download Submit

  • memory/2348-6-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2348-7-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3644-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3644-5-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download