Overview

overview

7

Static

static

3

2024-04-21...ia.exe

windows7-x64

7

2024-04-21...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-04-2024 05:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-21_aceb00042aef1466dfcf9f98e9abd044_mafia.exe

  • Size

    441KB

  • MD5

    aceb00042aef1466dfcf9f98e9abd044

  • SHA1

    70025f41f7e02bc25d1f09e1b79e152301fa16cb

  • SHA256

    7ca8a5f1e6a7f5c4659b96f8af845abeb8c0d80e7beb57aad09961ca3aba0286

  • SHA512

    f1f906e74ec08907e194b4c44043401c5662b964489a177612c9b84dbbf0dccbb25ebf89c70caa992fe4802d23e79388823219ec38970bf92bc9bd8ac8c97bf3

  • SSDEEP

    12288:6i4ET7+0pAiv+ZmEeTzYc8PwfqgvUIX8ERc:6i4ETK0pD+Zm9TzowpAR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-21_aceb00042aef1466dfcf9f98e9abd044_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-21_aceb00042aef1466dfcf9f98e9abd044_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4848
    • C:\Users\Admin\AppData\Local\Temp\2C50.tmp
      "C:\Users\Admin\AppData\Local\Temp\2C50.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-21_aceb00042aef1466dfcf9f98e9abd044_mafia.exe 52677E51E97E77F227AB5952224CD29BCBA909D07AEB2EE583BBB37CC6E625D197F76BAB2DB8376FB1F777BF089F8FEABEA7B52B7F4D2F76B6006AE9ACEFBD88
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2C50.tmp
    Filesize

    441KB

    MD5

    758f9ad59c9899d5970b4ceb8213134e

    SHA1

    8f7bec21e1360b6f28aca8124f709e456e6ba7cc

    SHA256

    2be69bc273a721fd9081a2160ac11fbe7962bd9db9176ebcaeee1bddadaba6fe

    SHA512

    4eedb2d6f55d1d35582f73266f33df81a691139d35dfe3fea3830712cbf9693766ca8e8865dab8708d336f5f9e30c944cc1132afa0c3ef6f3ff503023f138e3e

    Download Submit

  • memory/4280-5-0x0000000000F10000-0x0000000000F87000-memory.dmp

    Filesize

    476KB

    Download

  • memory/4280-7-0x0000000000F10000-0x0000000000F87000-memory.dmp

    Filesize

    476KB

    Download

  • memory/4848-0-0x0000000000920000-0x0000000000997000-memory.dmp

    Filesize

    476KB

    Download

  • memory/4848-6-0x0000000000920000-0x0000000000997000-memory.dmp

    Filesize

    476KB

    Download