Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 14:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_39e73d7699137e048f03f7733eeb4920_mafia.exe

  • Size

    428KB

  • MD5

    39e73d7699137e048f03f7733eeb4920

  • SHA1

    2f22fedbbb9eefef7a4424b116fc6de38f6bd30a

  • SHA256

    396a7bb6c502d9aa58bdfe285dd64668b69c27e0b9b70daa0e15914d22021656

  • SHA512

    b3f2a456da71552e1526cf304e94021f05a00fc3118c9c5a6dd3e7f72a680df7e4d31bf0fc7e97116a8a5f554ffaf7b0368c269b44f952a6bd3e8c1709a338db

  • SSDEEP

    12288:Z594+AcL4tBekiuKzErOGs601tXI8ich3DzTDE29tSuQhGbl:BL4tBekiuVrOGs64piizz585Gb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_39e73d7699137e048f03f7733eeb4920_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_39e73d7699137e048f03f7733eeb4920_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\D0BD.tmp
      "C:\Users\Admin\AppData\Local\Temp\D0BD.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_39e73d7699137e048f03f7733eeb4920_mafia.exe F69F5ED19341181FFBD4696F4835D126E00BCAE6FAFFE694DF69EB79BEFEDCBFD89ACF1D7C62B4A4276268D24C51AD6E1BC99C14BAD5B9E496C72574D8E19787
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4084
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4100 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:656

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\D0BD.tmp
            Filesize

            65KB

            MD5

            1b2f2e50b11e5f2b925765a688c4e79e

            SHA1

            47d042f222a249553ee3ef91acd7be5d8d511a2c

            SHA256

            6a9c7ebaa1870a048ee14c785147b7c68ccdfcef9e8f8ee6de1764d6ba86cedc

            SHA512

            1424d9077db20bae97d26b25b79cc5fda718bca1ef984851f30952d103d1d32c15e3bb154e2bbc0a7d8e5abe8760a32cedf39c2200e50e3a6bf1e56f25c2a35f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\D0BD.tmp
            Filesize

            428KB

            MD5

            20af4f4f1a565871ee2b49bd32adf66c

            SHA1

            ea9b0ab7dca377f301d60f53d98e837b5a1b54cc

            SHA256

            176fe0f7b248c7752f6e2c24198d4bda2a2078604d2c3ab14aac6550f97aadf6

            SHA512

            a26880ab633609b8840032c0f8ed19d3651d1732f77acd3a52dee919d0b139a2594dd31bd7c4422420a02f2da419010dfe9fcf54989fa4e72a369d611e896b8c

            Download Submit