Overview

overview

7

Static

static

3

2024-04-08...ia.exe

windows7-x64

7

2024-04-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 15:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe

  • Size

    448KB

  • MD5

    10f8df4a5f69672f49202f02d5906057

  • SHA1

    c950c738057677a9b63c10b015071eace373df2d

  • SHA256

    09b4ae32719537900dd9b797918e218cc750b2ed64dbe162bbaa796b3a0bd855

  • SHA512

    0d16854a43cd362555d10c4ea517b987d833d80f5fdc4d3699ba7689a485aa30818d894a5c2140d3e997512d3ed18ed61350e3a816ec85fd7b3fd82f3c094d06

  • SSDEEP

    6144:3FrJxvldL4c5ONK1tgRbd1s79+iSteUujk6gGVE4V5kMbGvGaCaT2JPq77g1YdVA:lb4bBxdi79LeGV151biqw778Ik4hX6A4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Users\Admin\AppData\Local\Temp\3F7A.tmp
      "C:\Users\Admin\AppData\Local\Temp\3F7A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-08_10f8df4a5f69672f49202f02d5906057_mafia.exe C2E23E3B106072D221BBCFD4DB34E73D7696F9307129E23F33644814101F9D004704726F8F106CE049B14D517C7E854ED3FC9E31896E5E1924A08E53950D600F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3492

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\3F7A.tmp
          Filesize

          448KB

          MD5

          33d5706f34195352c58cc4e8493f9671

          SHA1

          ef40cb4ad0ac1ce95ad32481b5a12d82f151f868

          SHA256

          fbe64b8d71e2b1d093766144b710ce1f9d79bfd26123f8480debd96982610ace

          SHA512

          0cdbd7499994da4e3e9bfd0535173914b52e9971896cd18c507b14be65de1cc93205de8601a8a45c087e4f9992d16330c76ff1cecaf53dddf975ef6e3e80a877

          Download Submit

        • memory/3492-6-0x0000000000B30000-0x0000000000BA9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/3492-7-0x0000000000B30000-0x0000000000BA9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/4556-0-0x0000000000D60000-0x0000000000DD9000-memory.dmp

          Filesize

          484KB

          Download

        • memory/4556-4-0x0000000000D60000-0x0000000000DD9000-memory.dmp

          Filesize

          484KB

          Download