Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/04/2024, 13:48 UTC

General

  • Target
    2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe
  • Size
    413KB
  • MD5
    5e180d5327fbafe9059fb3c791fe9a77
  • SHA1
    5aea38ac8eb1bf15fb567480f8bca88d9c3f1e68
  • SHA256
    057ae3b998a657ea79e2462f0ad615cc2060634ee2c3e020cc00f07a3a69fc59
  • SHA512
    1d2b68587f31c12f80b19b649c4dc35c3e4d31a9ccd678ec725ed15b14b594db7d175e6e5c42911cae6e2f99c458e87bbcad6179b2f508f2166594f9ca065b24
  • SSDEEP
    6144:gVdvczEb7GUOpYWhNVynE/mFS4y4sckcGykVnXfXpQjI10RzKBdqHg:gZLolhNVyEwyqk5zVXPKk10RMqHg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Users\Admin\AppData\Local\Temp\2BA.tmp
      "C:\Users\Admin\AppData\Local\Temp\2BA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-16_5e180d5327fbafe9059fb3c791fe9a77_mafia.exe 9FCB80AF6A265E8CC65F56D05815A9A0FEDE0EAD1A1AD0B376D738AC33B5E4823B6E2E682AAFA54EC4FE366F5CBBE765306407A5B6181E3F3154B4605820523B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3852
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4336

Network

    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.197.17.2.in-addr.arpa
      IN PTR
      Response
      240.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-240.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      64.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      64.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.139.73.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.139.73.23.in-addr.arpa
      IN PTR
      Response
      24.139.73.23.in-addr.arpa
      IN PTR
      a23-73-139-24.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0.lhr.llnw.net
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 142.250.200.42:443
      46 B
      40 B
      1
      1
    • 13.107.246.64:443
      46 B
      40 B
      1
      1
    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      240.197.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      240.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      64.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      64.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      241.150.49.20.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      241.150.49.20.in-addr.arpa

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      104.219.191.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      104.219.191.52.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      24.139.73.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      24.139.73.23.in-addr.arpa

    • 8.8.8.8:53
      0.204.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.204.248.87.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      14.173.189.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      14.173.189.20.in-addr.arpa

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2BA.tmp
    Filesize
    413KB
    MD5
    3ea48f13ccf0ac87b7b1ffe2c7d93a3e
    SHA1
    9bf897784e3e874add21e1327dd7814e658eccee
    SHA256
    ec6ae53fb18613b8f1b7c19a4abb6324e05c7d77a1ba4345ed23d7475e2ebb3e
    SHA512
    fbab1caa1d357755266bb04577783cd1c57c39cc753bf527ce6ba1dbd22f4ae27f8f86071dc6ec5eaf579d3b3bf0ecff2f9b06cd75dc5e90a166ba8f84a47743
