Overview

overview

7

Static

static

3

2024-04-08...ia.exe

windows7-x64

7

2024-04-08...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-08_1c7e5df695d650a80853ce7d5ead15f0_mafia.exe

  • Size

    460KB

  • MD5

    1c7e5df695d650a80853ce7d5ead15f0

  • SHA1

    1f04c33b8bded7a8095e0bd12db338f3ed30738a

  • SHA256

    2b15179dbf9404a2effb18ce5e870e562dbf6b6ca65dc770b848d262537e4b9d

  • SHA512

    725fcf6cfc0a5cffd8c2a244e2e0bb936690ae5f4e00b186694ebfdd68114b58e897cf1cd1b7a24d3c57ff2cf4e2f59a32e430effc569e2833f617d042a86278

  • SSDEEP

    6144:0A4psmawWIrFUJe5X8bbU5gkn4+AN2aZ2jACylereGJurBHd07Q7ZK3sHZ:0oJe5X8b4FkYwlereGJurBHtH5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-08_1c7e5df695d650a80853ce7d5ead15f0_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-08_1c7e5df695d650a80853ce7d5ead15f0_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\AppData\Local\Temp\1268.tmp
      "C:\Users\Admin\AppData\Local\Temp\1268.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-08_1c7e5df695d650a80853ce7d5ead15f0_mafia.exe 29F143626DE55C148CE46E78074E43E7564BE117E9B78B55968B3764ED447D30FDBF86E33B2E96FB8538557C583C632D7B58CA45D006E909897E281595D8DAAC
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
        "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2024-04-08_1c7e5df695d650a80853ce7d5ead15f0_mafia.docx"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024-04-08_1c7e5df695d650a80853ce7d5ead15f0_mafia.docx
    Filesize

    21KB

    MD5

    7079891932a64f097abafd233055a1e9

    SHA1

    246d95feafe67689d49a5a4cadba18d3ac1914e5

    SHA256

    c97189b50e5e92be09966d4732b6d61a2e435b2935d60c09989e555ae442e7a1

    SHA512

    6e9ee6427d7cc2474dc634b088cf3f35d06dfb734d2b63fbbc794f4083b4b5754379daff4804bf5024b1b430aa5e50fa6d839d3473ceeed3043d373c85e9862a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1268.tmp
    Filesize

    460KB

    MD5

    d6390e192a93935029c99ae12765d99a

    SHA1

    700175be778d64e0196e1f636556d3ee0f67963b

    SHA256

    fd83c5bdd6eb9460028fc8700ef3b8288133d44e9edbbcb7ba520797594df9a4

    SHA512

    14aad2a7ba7933fc7b0970f66f63456197f95e2f56f3257513dc8b5d90aa84d429874df5b82fe98045a51f3b1c3f5505ee5817a119478d2d927f22b4a5f256b3

    Download Submit

  • memory/2924-7-0x000000002FB91000-0x000000002FB92000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2924-8-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2924-9-0x000000007142D000-0x0000000071438000-memory.dmp

    Filesize

    44KB

    Download