Overview

overview

7

Static

static

3

2024-04-08...ia.exe

windows7-x64

7

2024-04-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 15:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe

  • Size

    448KB

  • MD5

    10f8df4a5f69672f49202f02d5906057

  • SHA1

    c950c738057677a9b63c10b015071eace373df2d

  • SHA256

    09b4ae32719537900dd9b797918e218cc750b2ed64dbe162bbaa796b3a0bd855

  • SHA512

    0d16854a43cd362555d10c4ea517b987d833d80f5fdc4d3699ba7689a485aa30818d894a5c2140d3e997512d3ed18ed61350e3a816ec85fd7b3fd82f3c094d06

  • SSDEEP

    6144:3FrJxvldL4c5ONK1tgRbd1s79+iSteUujk6gGVE4V5kMbGvGaCaT2JPq77g1YdVA:lb4bBxdi79LeGV151biqw778Ik4hX6A4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Users\Admin\AppData\Local\Temp\5A9E.tmp
      "C:\Users\Admin\AppData\Local\Temp\5A9E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe 7A3DB0E38470E678C1FEA1B5B13B6BF27EA4F4FCB61B5272C2DB328869A11665D5FE7D7CD8193F82C0D3E71428A8A2EAA4B6255B64E81C5D302D8F3D9D35C84D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2916

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\5A9E.tmp
          Filesize

          448KB

          MD5

          0b201a1bb2d02665127f35e2956aacf5

          SHA1

          178e486aae989daf41409c6c5c0e3a934d62d1f9

          SHA256

          b259c21561d61c16381ec4277cd42ed9c5a5f8b87e9588c9168b6f46f0ba069c

          SHA512

          f210d57696ebb06ddf11881dec3c7adfb217449769d2b6ed7990f8a3b2adc49bcecd2e5b346260b75bcf5f40cc84a3750a618300b17defd2a747bcda75d5c0af

          Download Submit

        • memory/2844-0-0x0000000000C40000-0x0000000000CB9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2844-5-0x0000000000C40000-0x0000000000CB9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2916-7-0x0000000000E30000-0x0000000000EA9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/2916-8-0x0000000000E30000-0x0000000000EA9000-memory.dmp

          Filesize

          484KB

          Download