Analysis

  • max time kernel
    139s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-03-2024 22:32

General

  • Target

    2024-03-28_63d651f99fe0af7f6d15f6506bd1279a_mafia.exe

  • Size

    412KB

  • MD5

    63d651f99fe0af7f6d15f6506bd1279a

  • SHA1

    02ab3021fc63754b6c6d331eab4968e6846381a0

  • SHA256

    4c8d4579fcbba1431a8178905f56ec72aae1bc1d76241c12caee2775dca19b78

  • SHA512

    da8fd0c5466a4a6405bf7ec634ad6f1831e963d26df64485bde66f8ec2aea459ec83660018ef696523341462aa02c25dc6a308bb2c49a2a244ab79ea8b110dac

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZnia0jJ6/iqVe+Cs8rmakqcdoP:U6PCrIc9kph50jJIVsstc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_63d651f99fe0af7f6d15f6506bd1279a_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_63d651f99fe0af7f6d15f6506bd1279a_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Users\Admin\AppData\Local\Temp\896.tmp
      "C:\Users\Admin\AppData\Local\Temp\896.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-03-28_63d651f99fe0af7f6d15f6506bd1279a_mafia.exe C92EE52F710AFD5373D0470B5ABE738468F5BD89CAC51047FA636DF0DC56666AE4DEC644754EE35915E7BBCADB323FABAE2F8EE49C03FAD3619FA0E8CE48D40F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3788
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:636

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\896.tmp

    Filesize

    412KB

    MD5

    fcd441d6b78dbea9542f3da9d8c60f2f

    SHA1

    ec55ecb24f7b71d84d932a01d8b46b1f01d8ace6

    SHA256

    0d0b2ee135ad99fef1e8e58bcaf9b54b7b71c4fcaaa91566ae1458d68b055225

    SHA512

    05e6d3e36c9675930720c34a6239677d375192622dd2ff593f6d79b0bd7a95eb4a2289b254c6f06d34a9ed87e68e9a6683c3034b7b754b74763cc9dd9ec999cf