Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 23:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_ff03ebe347843966044e5a9876033387_mafia.exe

  • Size

    436KB

  • MD5

    ff03ebe347843966044e5a9876033387

  • SHA1

    d555ea98dec3efe4d93b778ef766381c643cf7f9

  • SHA256

    dd18a7ecf879041e614492267a6a5b9ad1f2ddc8d642c128763f3dc24efd99a5

  • SHA512

    5b3ed0f49f24ce876a80f3b96c371103b2fb2a165ae6467d3589ad981ad85edea95bd06205343395cc735bf0c657e8a68bee0b4783dde95d9f822a4f7ddfa5c6

  • SSDEEP

    12288:aO4GfBtL8HPQQYkNuibEG0uVQ/ZKa+j0x5Z:aO4GZtGP9PNlAruK/ZKae2j

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_ff03ebe347843966044e5a9876033387_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_ff03ebe347843966044e5a9876033387_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Users\Admin\AppData\Local\Temp\258A.tmp
      "C:\Users\Admin\AppData\Local\Temp\258A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_ff03ebe347843966044e5a9876033387_mafia.exe 32C9629D01E90E9924459ABB6D389BC309F90798AE0A7D35CCDB6DBAA44885322C7664214A707BAEB6096DADA567A5F3A2AE96D119CB93F97703A62CBA6DC5E8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2584

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\258A.tmp
          Filesize

          413KB

          MD5

          dca987010a6b7a4067630e97d0d95c08

          SHA1

          d6986a277165d5b103bb9b3fbb595594a35d7f82

          SHA256

          b27c61a4fcebe49b821213f6be2783d0757b28fc278dd0fd21e6e4e0a5d84e64

          SHA512

          30106cb6c1dbe76a01b073e42bc4dbb51bdf10be9057749db05b9655114de2bd1c669f7e732e4ce3e4b0c20b2ad58e1bb25350976b0b172a6b1e9b87b6544c33

          Download Submit

        • \Users\Admin\AppData\Local\Temp\258A.tmp
          Filesize

          436KB

          MD5

          fe9253c38e36f3661c5d87357f66b2a8

          SHA1

          237c1923c4f88cc657326d8ce4ef2f9656cb8879

          SHA256

          467d15f2e568e82a3b4fd5ef59f3be10655d3917fa915f7f0ff9acdd6804aaa6

          SHA512

          0b26c634c3b9d11c33523bd4f51fc5767e397636662c8a86274757e7535ef8ff92b15845256f663f9775c7d40bdc44a9c1877d78bc752aed6658fc34c0a591f4

          Download Submit

        • memory/2584-7-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2584-8-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2792-0-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2792-6-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download