Overview

overview

7

Static

static

3

2024-04-10...ia.exe

windows7-x64

7

2024-04-10...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 19:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_cf3a3c4159c0eed2a6f2066f8bdbbba5_mafia.exe

  • Size

    448KB

  • MD5

    cf3a3c4159c0eed2a6f2066f8bdbbba5

  • SHA1

    2bbe8c3865b386d59c7cf0ca931ace48c120a7a7

  • SHA256

    d9f9de8351c5975390d2bd394c7e11942d381dceace9a54fdb87cd46f2539d56

  • SHA512

    68e86bc619b32547e4a0038bf8eb6b3486a37f88d894138f55f13dfa3b8a4c143cfa9ec86a4e6ace9cb6433df79f65e63e9df833482c1a6ebd468690940a4001

  • SSDEEP

    12288:lb4bBxdi79LVxFRf22MxQglBO+4/kljGOo:lb4b7dkLVxH+jQtGdGOo

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-10_cf3a3c4159c0eed2a6f2066f8bdbbba5_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-10_cf3a3c4159c0eed2a6f2066f8bdbbba5_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\6AD4.tmp
      "C:\Users\Admin\AppData\Local\Temp\6AD4.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-10_cf3a3c4159c0eed2a6f2066f8bdbbba5_mafia.exe 29D2589F65701598390744F381E7440119961CE875434998781DD5077AA97D0FB0FAFC73EFAC6580B101FE88F6313C4683A572188E4FD87352E2FFFC27DE30A9
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6AD4.tmp
    Filesize

    448KB

    MD5

    a48cce88141d71a05d7fd6c8f522a18d

    SHA1

    177306a1bed8340deaee66e295286922f78aad2b

    SHA256

    98cc42ba8e77759a653a61fc0bbedfb56aad274ab00118e2ac7cf517f998720d

    SHA512

    3d6c4a3dae847c4274f5d3d31a360725d30780abdbb61eeb9a07607be5a81535d65df3781c195c9215744728098537c9333512c786796e018108cd6a52f23967

    Download Submit

  • memory/1824-7-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1824-9-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2148-1-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2148-5-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2148-8-0x0000000000350000-0x00000000003C9000-memory.dmp

    Filesize

    484KB

    Download