Overview

overview

7

Static

static

3

2024-04-09...ia.exe

windows7-x64

7

2024-04-09...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-09_8bb524f9438d47e7fd9f45bbd0e87f02_mafia.exe

  • Size

    448KB

  • MD5

    8bb524f9438d47e7fd9f45bbd0e87f02

  • SHA1

    81d9ff6de11954ccebb73060a21507b147cd2040

  • SHA256

    5ee31ca05e9df8aaa5a69abf8ca9ac3f8fe3c1165fc5c874aef5b8b0e63fcf81

  • SHA512

    fd41347b39828ade5903a51757f4cfcdcf1dab0d8852196c67e60ff1603eb96adf1aab820372bd5b1a60b0d2279b672a1e18d3aa89b51ee7ba2f7b681eb3ccec

  • SSDEEP

    12288:lb4bBxdi79LLROno0jknyLMUhNmFMzpJMp+A4:lb4b7dkLLROnJuyLMUOFIkpI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_8bb524f9438d47e7fd9f45bbd0e87f02_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_8bb524f9438d47e7fd9f45bbd0e87f02_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Users\Admin\AppData\Local\Temp\7D6A.tmp
      "C:\Users\Admin\AppData\Local\Temp\7D6A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-09_8bb524f9438d47e7fd9f45bbd0e87f02_mafia.exe E04CDD7D599B192A66A3B96292D03DDD00FCD56C7B0F0FA0DA10FB9761A16618CB7437DBD99269FF9501886C1630E742309FA5F76363677AF222A014390850CA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\7D6A.tmp
    Filesize

    448KB

    MD5

    0ff3704b33c557338923abd517030bf7

    SHA1

    8b1fdc221ccfbf595939d56ff5247114d5515fb1

    SHA256

    9710955c12afb97be147bbc8e0b9f0afd279fc7e4e872988068ed2ccc9a3f1bd

    SHA512

    0303d4d911d8c0d10e28f77a835ff93553e8131a3af057237a2817eb5117e8b895224807ae2b93127e7cac8dfe85c6bf69d31f8b6fa97ea1f9cd0e38781612c2

    Download Submit

  • memory/1668-8-0x0000000001030000-0x00000000010A9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1668-9-0x0000000001030000-0x00000000010A9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1760-0-0x0000000000A80000-0x0000000000AF9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1760-5-0x0000000000A80000-0x0000000000AF9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1760-6-0x00000000004A0000-0x0000000000519000-memory.dmp

    Filesize

    484KB

    Download