Overview

overview

7

Static

static

1

2024-05-23...ia.exe

windows7-x64

1

2024-05-23...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 05:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_88ae57b87b9553ad09012e234d02ceac_mafia.exe

  • Size

    1.3MB

  • MD5

    88ae57b87b9553ad09012e234d02ceac

  • SHA1

    6dafdaea23649d4f6e8d9a5ce07b59a531cd101d

  • SHA256

    27522bdeff6c73208c4068a84acac7cce6fa352ffa0b2969acaea6271a9fe57c

  • SHA512

    944083c2ba00773714655be55782a10a7124ec63ad583d9ee162fe63b70c1b1f2d5d65017d37346f94119be2b7044612583cb9396a1ac6b3945ee98e94c450f4

  • SSDEEP

    12288:nMdFv0dk0brhyp7R56xeQrxuHeUBioRvbrj0sL2YoMjZJM8M8M8MG:nM0rhuLQNuHeSl3p3jzM8M8M8MG

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_88ae57b87b9553ad09012e234d02ceac_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_88ae57b87b9553ad09012e234d02ceac_mafia.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4732
    • C:\Program Files\Java\jre-1.8\bin\javaws.exe
      "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -SSVBaselineUpdate
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:880
      • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
        "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1Eam5scHguanZtPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGJpblxqYXZhdy5leGU= -ma LVNTVkJhc2VsaW5lVXBkYXRlAC1ub3RXZWJKYXZh
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2360
        • C:\Windows\system32\icacls.exe
          "C:\Windows\system32\icacls.exe" C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "\"everyone\":(OI)(CI)M"
          4⤵
          • Modifies file permissions
          PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
    Filesize

    713B

    MD5

    9703e1fb93c569e2f82df277b782535b

    SHA1

    9310f5199f39a2eb70ae87962bac796eeadbaadb

    SHA256

    d77b8ddb496d4b0bd07bdd909ca8271897520a96bb5fef8398b84f18a4f5315e

    SHA512

    372dbce21646f6a1d314b020476031f1229ffc34af04ed9cdb807e0277af790ec60782d2e4409067c865a2afb2afb257bde8801609ec2a07c16a8e45b20392bc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar
    Filesize

    12KB

    MD5

    4f9f42a2c5524bf0ce187c5dcb517b89

    SHA1

    b54ff1e485ee0605753e23f254e288f9a79cc59d

    SHA256

    e271e41f800f3f25e0f9fe212f2e31e6a57b74d28b89fd3425deb42a6a1b411a

    SHA512

    45eb73dae61b6cb855a33966b6c3f1f064a15714761e3075eda105f72adf3780b05dbfbcca75fb47734ca47bb6abe4a1db075d30b1db748ffca11d9928d6cdbc

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\jusched.log
    Filesize

    296KB

    MD5

    229a8ab53944737f3fa4dad1b52089de

    SHA1

    13e6077d9fa5344f6a3900adcbbcfdf9cd8a7bd1

    SHA256

    915383ce7ac9d1a3eef3bb95a3258cabd898aba8dcd719cd3b9d53a510f8b384

    SHA512

    0f482228f89730400084fa09ee8508f8c979c3d961aab02f3e393f066198e0231dab332b436ee1b235aff3cd1cb813b63d5d9cd32802828082c3d3832540dc25

    Download Submit
  • memory/2360-9-0x000001D09D610000-0x000001D09D880000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/2360-27-0x000001D09D5F0000-0x000001D09D5F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2360-49-0x000001D09D5F0000-0x000001D09D5F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2360-82-0x000001D09D5F0000-0x000001D09D5F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2360-126-0x000001D09D5F0000-0x000001D09D5F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2360-127-0x000001D09D610000-0x000001D09D880000-memory.dmp
    Filesize

    2.4MB

    Download