Overview

overview

7

Static

static

3

2024-04-27...ia.exe

windows7-x64

7

2024-04-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 18:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_a014140d4f5555e155f05e539268b141_mafia.exe

  • Size

    441KB

  • MD5

    a014140d4f5555e155f05e539268b141

  • SHA1

    225e26e69cf584b3cb11abce5b9c841e660afa05

  • SHA256

    d73c0a7e7350bb2a9f5fe02882ba5983df76b9ddbe5d5b0bb82cd01f967e1a13

  • SHA512

    26933dd41cf3701a3d5dd7aa0b73e121590dafa80a63b339e6ddcc7d28b2c7761cc8f3beed79214f3f277a5cb2f6c1b66fb6208affc5448ed1b4d4e600221de0

  • SSDEEP

    6144:6ajdz4s4mDHq9OXpOd0p6Jiv+vtvrNLgeeV6mXkqAd+qSesWYdz2xTRYJ9PIwmc:6i4ET7+0pAiv+0HXkPx1Kd9mc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_a014140d4f5555e155f05e539268b141_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_a014140d4f5555e155f05e539268b141_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Users\Admin\AppData\Local\Temp\6F3.tmp
      "C:\Users\Admin\AppData\Local\Temp\6F3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-04-27_a014140d4f5555e155f05e539268b141_mafia.exe 6CD965A9DDDA2FD59B6C7B3EAD23C5342234C4AA2D698A92995A6F9B85FDBDB23CA708375665FF9BE1989E469E3206415882E04B3A0635E7A6B90C5BF6DFDC6E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2660

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\6F3.tmp
          Filesize

          441KB

          MD5

          d42ed10832b0fe61bcb39d4a577608df

          SHA1

          e3d42292e0bf2e3930d74c4aa127f8b00dd4881f

          SHA256

          90ec4dcff7d6a21aa26abb90f0fc3b6b4897b067d30be41332f3590e4b2d203c

          SHA512

          5a77d9124f58d475e8529cb45553c5def9c381792c160d91341ad0801e76b9e1d3f905b993f0df193014e8fd1ed1a72b00a66d84b6905006e05cad6c67288152

          Download Submit

        • memory/2248-0-0x0000000000BE0000-0x0000000000C57000-memory.dmp

          Filesize

          476KB

          Download

        • memory/2248-4-0x0000000000AA0000-0x0000000000B17000-memory.dmp

          Filesize

          476KB

          Download

        • memory/2248-6-0x0000000000BE0000-0x0000000000C57000-memory.dmp

          Filesize

          476KB

          Download

        • memory/2660-8-0x0000000000E60000-0x0000000000ED7000-memory.dmp

          Filesize

          476KB

          Download

        • memory/2660-9-0x0000000000E60000-0x0000000000ED7000-memory.dmp

          Filesize

          476KB

          Download