Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/04/2024, 12:42

General

  • Target

    2024-04-24_ec205999493831d4adffda9d9ab3037b_mafia.exe

  • Size

    413KB

  • MD5

    ec205999493831d4adffda9d9ab3037b

  • SHA1

    1ee3749a1ca8e1cf5b8a4b8a43914bbf51d3f5a4

  • SHA256

    ffabdbb720ff96291fe9b249bd373135b134e0dc8e6fe2bad6796e6f16b271ce

  • SHA512

    f08d3faf47c83cb743c530d78e263b7413750a980914fb7c61d245a6a0764139276b2a61e3223957b62cf053e1a57ebc4e35c96a2b3e51bc02890e1380911699

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFjrVuaJo+6xuZtRKnxyRb0TQ4A3UeqHg:gZLolhNVyE0rjx6xuZvKcRbU0qHg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-24_ec205999493831d4adffda9d9ab3037b_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-24_ec205999493831d4adffda9d9ab3037b_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Users\Admin\AppData\Local\Temp\F07A.tmp
      "C:\Users\Admin\AppData\Local\Temp\F07A.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-04-24_ec205999493831d4adffda9d9ab3037b_mafia.exe BBC78B9B225C367BE3F68DC4964501620C24D0B7729F10E349A236BFFB976D66CEE94B2F81B4F76A4B6E5C21ED0DFD2A3A5E76EBBD5D0FA669DE535E030C9174
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2416
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3628

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\F07A.tmp

    Filesize
    413KB

    MD5
    a3b812506eb35d0f1b231de09e87cc81

    SHA1
    1eca13f3b51bc081a58098c6b7cd437e5ec66cb5

    SHA256
    6056a3f2bf17c0c9ff2463575027912464286b3cdb65121e6f8fbe063625d624

    SHA512
    8a24be7e483d66b6f7714bf5bea6e585cad070b1e57a82960f8c4fe540b300674fc0bb5b875ea4c2a3af63deb5f1700a04a1d33b4fc39b50afbe56b5243bbc05