Overview

overview

7

Static

static

3

2024-04-05...ia.exe

windows7-x64

7

2024-04-05...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-05_341f7a50b2460e939af91ac9f7a3aa20_mafia.exe

  • Size

    436KB

  • MD5

    341f7a50b2460e939af91ac9f7a3aa20

  • SHA1

    0a3368cd3dcbeb357f9242b463330bad30744179

  • SHA256

    3add790fe34e14ded4618a38ca9827adadac6cb0b6d158acd702a7d05094b359

  • SHA512

    9951759e1f53be54a0a814ef7fe4494c6640c70495a7b06ed68e26fd576749eb285d605480ab3f584fc0ebe5f83dd73203b139bcdb777cb28d7171c6cb2b6aec

  • SSDEEP

    6144:a9EyS4oaxTkjxcW1Htg88HP7IIGy3eoOCO2UftNie/cb1S23vecynUhFhLhE7:aO4GfBtL8HPjPnRePiScN7ynUH7E7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_341f7a50b2460e939af91ac9f7a3aa20_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_341f7a50b2460e939af91ac9f7a3aa20_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3712
    • C:\Users\Admin\AppData\Local\Temp\65AF.tmp
      "C:\Users\Admin\AppData\Local\Temp\65AF.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-05_341f7a50b2460e939af91ac9f7a3aa20_mafia.exe 3ABAD5483410F3173C5C039129D291AD41C1F48FC5E1294D17FF12EB50A16ACCCEB23EAE76E7CC185339B953D628FE58D8980284EDB0BDA0C364995B3C695223
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\65AF.tmp
    Filesize

    436KB

    MD5

    bd55f1698c6ebbbbd5e5c9678bb4604b

    SHA1

    62939afde9f3d0cfd7faeaec97a96f1b242eda3e

    SHA256

    ff2bf0d7de605704a2d0420a1d20989ca0ddc9ceaf6f94ac384897b8c558100b

    SHA512

    884b6b0de084fad19e9f31868bc52994d8c5656fcffd32611315df311eabbb388e0f7970e39d131e335481eac708164020de854f4f8567d2ace8ea4ae51c1587

    Download Submit

  • memory/2368-4-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2368-7-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3712-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3712-6-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download