Overview

overview

7

Static

static

1

2024-06-28...ia.exe

windows7-x64

7

2024-06-28...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28/06/2024, 05:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-28_b1053b5f0e6446b6a15eea112effeb3d_mafia.exe

  • Size

    2.7MB

  • MD5

    b1053b5f0e6446b6a15eea112effeb3d

  • SHA1

    45323a5cbb62b3bffdc2eb17dfb9680db443c13d

  • SHA256

    9a519499f7c91c17edfc156888992d009d92ca1396837729029bee5e0ac5fa76

  • SHA512

    d997864bd830cc9320b735eaf50943f9d59410bd9d60ebd20050c19b5f26f32cc619a8e61b6daa09d7480449c80b3e9d8d17fc7ed86481dfb5948da408c4750b

  • SSDEEP

    49152:5sjn1sK+JcjRLO6+Yj/gaK4sqNAHmSpRSE/l83u:5sjn1s7JcpO6+Yj/JNjqRS8

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-28_b1053b5f0e6446b6a15eea112effeb3d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-28_b1053b5f0e6446b6a15eea112effeb3d_mafia.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1632

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\del.dll
          Filesize

          1.0MB

          MD5

          418cea23d419b469d2391f7608b372ab

          SHA1

          0096d9cf8ec7ca8888cfee3d82c3a19bb531a0bd

          SHA256

          a53a368c55b7fe0ca301ed2e657342c8365832a80708ea5a742dfbc15a9dcf82

          SHA512

          3b325bdbc413487cf21a2f09ae6c0a6092dc719ed6447833ffafea07a468d49b8075f6ae0c6e0508d4697d4c83fe7d804a34f1c019efb619f3f5902a2510370a

          Download Submit

        • memory/1632-5-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1632-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download