Overview

overview

7

Static

static

3

2024-04-22...ia.exe

windows7-x64

7

2024-04-22...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 01:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-22_597d0bd1f5572b9d7aa4a9f9d1155ea5_mafia.exe

  • Size

    448KB

  • MD5

    597d0bd1f5572b9d7aa4a9f9d1155ea5

  • SHA1

    d944bed594cc85ee11ecbac451c104f8f5d954ce

  • SHA256

    14be7cb56672f0209e68799982c894631b7963ec53f0741b8d8de265ca02da09

  • SHA512

    f2f6eb578c22790b0d6c2b1c0b0143c19d7d8b5acf661bdb8016152898a073cf94ad1c975500cae5aaf7da28cae833df5be85f1dd8cd081e97c68a620ecb6966

  • SSDEEP

    12288:lb4bBxdi79LeM2BkHZml75FH2PyVY5SMcf+:lb4b7dkLTKaq5sPcGSMp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-22_597d0bd1f5572b9d7aa4a9f9d1155ea5_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-22_597d0bd1f5572b9d7aa4a9f9d1155ea5_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\Temp\14D8.tmp
      "C:\Users\Admin\AppData\Local\Temp\14D8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-22_597d0bd1f5572b9d7aa4a9f9d1155ea5_mafia.exe D92C9DF04B91F164D95695A8300A015CB81C0DCA0DC1DABF0D06A385ABB05F311F97F07B14BA4562FCEB58EDDA402E527DB9B069E586F513A517DE666DB243A3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\14D8.tmp
    Filesize

    448KB

    MD5

    a22f42ddeca88000d6f8d914753d2a9b

    SHA1

    6f05be49c1d1000ca00a358ccaac4910cb8cdc78

    SHA256

    9fe5e5f59a5f858f192cc217efe94d8ae31c0c19c3326c0cfce235fa42271fa9

    SHA512

    ed27e7585811c957029a0fa2fc034b8cd99c289699640b071b377f39a9fd5cfd795609e14951cb48cfaff7e5cf48201f345a836eacc818686164bd2c9e1ec1c6

    Download Submit

  • memory/1652-7-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1652-8-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2288-0-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2288-5-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download