Overview

overview

7

Static

static

3

2024-03-28...ia.exe

windows7-x64

7

2024-03-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2024 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-28_7630a707f477c6df54c359147a8b48c4_mafia.exe

  • Size

    448KB

  • MD5

    7630a707f477c6df54c359147a8b48c4

  • SHA1

    704fe50af68d59d7c0478ba25ad671bcdf39d5be

  • SHA256

    f71323c8d2d9963760dbbd4eb11019910945418f86ce9ce402330b880ae1b0cb

  • SHA512

    bfde5415e810b452134c24cf7363ddd9ccefe06ce2156968bb3e3dc504e96e51f432c6626c7828ac6dd2ef9bc1ea22dc4933bd5dc127840e2ea0508d403d6786

  • SSDEEP

    6144:3FrJxvldL4c5ONK1tgRbd1s79+i5+MtqYAhIznPhgIEBfCOKmfW1F6RRgzAJn4cq:lb4bBxdi79LKxhI7Pd4qdn6Rm8Ns

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_7630a707f477c6df54c359147a8b48c4_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_7630a707f477c6df54c359147a8b48c4_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\11BC.tmp
      "C:\Users\Admin\AppData\Local\Temp\11BC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-03-28_7630a707f477c6df54c359147a8b48c4_mafia.exe F94D3CF6349D10F9A77CA28DE5D751D3A034FD38AEEBBC9885BDAE1676B190F1D87A6FDDAA26D76E151AAD1782E601BB3842D3FCFCF36E658EB8342BD0B1C793
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\11BC.tmp
    Filesize

    448KB

    MD5

    dd2e93919d5e85e5bd7fb77894514747

    SHA1

    3ad0410f9e61f6471e927a4b173b826536709a86

    SHA256

    9033c8e7cd34580249ad981985c11d75dde521d4cbd8984ebfb0a1a2e3cdb4cf

    SHA512

    5c5607a15ec1ad4538557d295b75839965b46a19050e94aabc5b98039ff17814b9231b57125d8f84e6345001a583e4d601a57938bba224c7bd77e209ec3492e3

    Download Submit

  • memory/760-8-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/760-9-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2192-0-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2192-6-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2192-5-0x00000000004F0000-0x0000000000569000-memory.dmp

    Filesize

    484KB

    Download