Overview

overview

7

Static

static

3

2024-03-28...ia.exe

windows7-x64

7

2024-03-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 23:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe

  • Size

    422KB

  • MD5

    6964d28d1afb337fe0f67c70fc1a9b4a

  • SHA1

    938eb760273498c6a43c107c5742f6d8edb181d5

  • SHA256

    1d391dfc3740fad8a513ad295855c45d5e251e9fffc7b6da2c822968c695d48e

  • SHA512

    bff1e86768b0d2ea4e1cb3ad63a0e1003eee643c104bd256aa8b0b3dd90dd8945f2bd6014d8db6a0a21dd8689e3a4156901be91ea521ee2859837c7bc36d60e1

  • SSDEEP

    12288:q44B8ekieZgUB8kq7yaNAkfBo6SCeUzEzylO:q44B8ekieHB8/3MCeUzEeO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Users\Admin\AppData\Local\Temp\5BB.tmp
      "C:\Users\Admin\AppData\Local\Temp\5BB.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_6964d28d1afb337fe0f67c70fc1a9b4a_mafia.exe D0F6F15A52ED6ABF6B47EF48AAB5D5E1422C10E363536795F0F4607A35731C52F8D92B5070FCFAF5063F86C81F51BABC0AF6DC8AC6F332280FF2DDD0BFC7B3A5
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2932

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\5BB.tmp
          Filesize

          422KB

          MD5

          ba8d8b83244216f715a16d2217f25901

          SHA1

          0582807046594b504107609ac975cb8bfa3fe99c

          SHA256

          f91d89674c19e1092659691bcca32f9ae45884a6723ae9af2dba2686f7cf4c9c

          SHA512

          37dfea89026f3cea402382a172884ac2ecee246204ccf33248f2c035d0347a94ae7aa4b4386040ceeafacdd1a29d33bb7b06d503e57e00c6e78e469e6e61f3f5

          Download Submit

        • memory/2932-7-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2932-8-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/3044-0-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/3044-6-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download