Overview

overview

10

Static

static

10

2024-07-01...ia.exe

windows7-x64

9

2024-07-01...ia.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 06:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-01_4581a5b52ba5aec2d7c8753e5fc17da3_mafia.exe

  • Size

    1.0MB

  • MD5

    4581a5b52ba5aec2d7c8753e5fc17da3

  • SHA1

    3db8a13bc716e7ce329f3edd22e13b7894fb45fe

  • SHA256

    ab592e7fb61d45fbe9b26d4b7ec05f60476d83a0ac9b01ba686be741235c5bda

  • SHA512

    e7f1dbe8865d58b7be5a44393f512d7b3823a0d4edd4dc8d6922e528a2f8cb06a756b357074fcce646be15597c472e617a4c7ca18c848dba661661ae4167624e

  • SSDEEP

    24576:jaXNJQVJvxC3ZKobLzB/3gQvExFpdhC55AKDqsc53vTglq:hJvCZN7B/gkUrMvLqscVgo

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 9 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_4581a5b52ba5aec2d7c8753e5fc17da3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_4581a5b52ba5aec2d7c8753e5fc17da3_mafia.exe"
    1⤵
    • Checks BIOS information in registry
    • Loads dropped DLL
    • Checks processor information in registry
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3380

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\HTM4E10.tmp
          Filesize

          651KB

          MD5

          a3bc82ec91d572027540f7a796dd95fc

          SHA1

          f843bac69c6e1b623a4b7810e691834bd4017810

          SHA256

          cdf24004acda832634a2ca7c656672a5e9de0a6bdf753bd7bee76e87a24f8c07

          SHA512

          262fe7617daaa2b253e93e3cb80973de4789c76c7247fa8eb0880a6ee6a92c6e3d2e54bf973d38b6943d2277f7875e8327c27e0a6361a80efa74ba84b422c8eb

          Download Submit

        • memory/3380-5-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-6-0x0000000001840000-0x0000000001841000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3380-10-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-11-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-12-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-14-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-18-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-23-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3380-24-0x0000000074860000-0x0000000074A3C000-memory.dmp

          Filesize

          1.9MB

          Download