Overview

overview

7

Static

static

3

2024-03-27...ia.exe

windows7-x64

7

2024-03-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-27_d7538a2f2920fc66ced3fe69ad8faae8_mafia.exe

  • Size

    436KB

  • MD5

    d7538a2f2920fc66ced3fe69ad8faae8

  • SHA1

    a9ec4229394d411219374535be3cf3f4373720c2

  • SHA256

    25d2aa7f61c58a81095724a18d85ae4a718b2cfb5b976c444796bbaa03c85fa8

  • SHA512

    322f9448c1e12a2afb84e7b5c22c6868e6a3bc5e87555e835ab5bd2eb0e417258816117fc4cb50ea693299582c1c63bf449727470298d948ea158a77567f11b2

  • SSDEEP

    12288:aO4GfBtL8HPQ9Uw3BQMwTukzCb01sA7sV:aO4GZtGPXweRaPb01V7c

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-27_d7538a2f2920fc66ced3fe69ad8faae8_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-27_d7538a2f2920fc66ced3fe69ad8faae8_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Users\Admin\AppData\Local\Temp\1BCA.tmp
      "C:\Users\Admin\AppData\Local\Temp\1BCA.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-27_d7538a2f2920fc66ced3fe69ad8faae8_mafia.exe 042E1E9809BBB6526B59415FC3E210AD2F703A14EF6659FB658666CD3CEA2B223B2C9E843123DB79253D5C984C56E0A2DBB2995A7666A8080B6F2219193D4636
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1BCA.tmp
    Filesize

    436KB

    MD5

    b763e828c37a72ad54c6b4a36679d3c9

    SHA1

    52cf14eaa5e331a1803be25e35e02a359fad3b8a

    SHA256

    1d0983a9212fe4d83ec258950e3eb6bb9058fc5ac6d540003634fecba22fcded

    SHA512

    38735e2da37705c32b846dc729e6d23af3fba700bee4dfb5248ba80befaec1a20eeafb740d3950618ff11ce36d598f39b0d0df44f086867a9518c912d4c5208c

    Download Submit

  • memory/2088-7-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2088-8-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2768-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2768-5-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download