Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-05-2024 11:47

General

  • Target

    2024-05-14_0c271d77805e847b54c586d691f59130_mafia.exe

  • Size

    4.8MB

  • MD5

    0c271d77805e847b54c586d691f59130

  • SHA1

    ba17413a67cef8d05584da2e4b763a8daf6e34b1

  • SHA256

    a1fdb1cd4eb27032a94a479025d8505be2d0130b5fa8b18fe7f027829d120a99

  • SHA512

    38631609f402cb197cacaa187167ee73ef4723b6bc89f2df7949b9b621ee4c8ea31c581e48527f258dd360c74be885b383f3fec00fb023685db1e6d5af4621da

  • SSDEEP

    98304:35J+E0SCxIk7zumFWAs/fyIgdElb3EIaFFpPVKh9uN8L4c7eBoLbL5w7APXLAYTi:JYE0SCI4rbECIwBbiL4c7NL8X

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-14_0c271d77805e847b54c586d691f59130_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-14_0c271d77805e847b54c586d691f59130_mafia.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3236
    • C:\Windows\SysWOW64\PING.EXE
      "C:\Windows\System32\PING.EXE" www.baidu.com -n 2
      2⤵
      • Runs ping.exe
      PID:5096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mac5870.tmp

    Filesize

    335B

    MD5

    f0ec4dd4f88fcb2c3174b2f0d3f73d89

    SHA1

    69f18c94c71b6ddc3b5e71c3eae4eb3ab8b9de7b

    SHA256

    de8c437bd2e829a1bca66f4d26ec60138cbfa35dd6a0e04058acb84ffd1b8cb3

    SHA512

    da3651bda4516dc0c7c9eacbeaceb3e8dfff5e7bb680a566f04c2a2f32ddc414bc4fc9e69d70f499f4f79fa4138880234001320c8d698f0e4447fc41b170ec98