Overview

overview

7

Static

static

3

2024-05-27...ia.exe

windows7-x64

7

2024-05-27...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-27_86fc81c02fca59f6ec4a776559c44120_mafia.exe

  • Size

    447KB

  • MD5

    86fc81c02fca59f6ec4a776559c44120

  • SHA1

    8d4a9bae1cb62b93708a35f5325d7afb5dd08f6a

  • SHA256

    9124b063040bddffce50a5b767fd45254a7ab24cba65bff7da2e73a9f2f30407

  • SHA512

    4d3bdff5fb54caab35e0fb78c7bd2eaf15ec64bb769d3493c0fa53632e339a038fdeaab4d6b0c656b339d71356234b17c375890f959f9c23d4921ac66ab97f68

  • SSDEEP

    12288:w/rYpa1hoj5jsRObPBvlpqznW8VKN3ubY1:wzYpacj5gRObP93qzChubS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-27_86fc81c02fca59f6ec4a776559c44120_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-27_86fc81c02fca59f6ec4a776559c44120_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\2221.tmp
      "C:\Users\Admin\AppData\Local\Temp\2221.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-05-27_86fc81c02fca59f6ec4a776559c44120_mafia.exe BC0B0D6F56B7E45935B55C923CB4A756E806D655FA494012788CD2E20C564B2E1AAE647469EEE8BE16FE4512B1CFD6E839E87E4FAE186EC56DC08B1CE1C003B2
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
        "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2024-05-27_86fc81c02fca59f6ec4a776559c44120_mafia.doc"
        3⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Windows\splwow64.exe
          C:\Windows\splwow64.exe 12288
          4⤵
            PID:2636

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2024-05-27_86fc81c02fca59f6ec4a776559c44120_mafia.doc
      Filesize

      16KB

      MD5

      154788a16dea87853dfcbd117f849b55

      SHA1

      7d36995eb72700adf612129d558b5ace385d672f

      SHA256

      0bc7a2c149ae6ddb143281c277785f10fda4ff6a75c6c73b862108ee22aafa75

      SHA512

      5ad5a1a841c5b39f161a9b8bd929a16d21777289e07c10e8cf867e03a78471a5695e806b541569101c41a8bd01b551cb7f06d1ce01b99f2d72bd9994b6cca79e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\2221.tmp
      Filesize

      447KB

      MD5

      833bb9747bee169405a7f553424ef7a9

      SHA1

      be8ab0e49cc94ecee9f80ed3a7cbc2f82f0dc96a

      SHA256

      94ec9fdb097b503f0def17c9a07b6e5d9098af255de8bc89405beabe0193f5ae

      SHA512

      4ed9c08fd5fa422a9be8b7759323d67b091afcdfe67f4fa5e33d729fca43428d9382236fb7e0362a043cba6eb70eeeaa7fa2e5598fc6ca74209dd1ac7db4569e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      91026518a0d7c938240afefb78de2ed7

      SHA1

      c5ad065b2a46a2940cab4a89b20deccf4b68a17f

      SHA256

      2c9ab67fa68355d70c81858a127a5bea412bbea0615f52d511bd9256c1594821

      SHA512

      69fe084a0ac7d3e9db356da1bc28528abd2880823114c711968b1f4575cdf138f8fad855e785e083206cd8728819affbbd538f5cb03440b87a4feb99cecde006

      Download Submit

    • memory/2744-7-0x000000002FE31000-0x000000002FE32000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-8-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2744-9-0x0000000070EFD000-0x0000000070F08000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2744-19-0x0000000070EFD000-0x0000000070F08000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2744-34-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download