Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-08-2024 08:47

General

  • Target

    2024-08-20_81cb9fabb35c070ce5ff4cc0eeaace4e_mafia.exe

  • Size

    413KB

  • MD5

    81cb9fabb35c070ce5ff4cc0eeaace4e

  • SHA1

    35112a43c8265055b5bc6f7a7a4ee6bd1e098726

  • SHA256

    7c4c8065a3d7985a206aeaa0e42e134673c99a0b58ea108a9463d3c07f0c64c9

  • SHA512

    c72551738a01ee0652854fc130b5782efab2b01d643585903783ca49757e42c6bbaf89a00063eb248bb0b74463a862e1c652a6dff8b6047ff06f56d5ee56bc64

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFQfXNAjklGmMpzL02gMs6uK6JVzJZ4qHg:gZLolhNVyE1fXNAjZzLmnK0d2qHg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-20_81cb9fabb35c070ce5ff4cc0eeaace4e_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-20_81cb9fabb35c070ce5ff4cc0eeaace4e_mafia.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\AAB2.tmp
      "C:\Users\Admin\AppData\Local\Temp\AAB2.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-08-20_81cb9fabb35c070ce5ff4cc0eeaace4e_mafia.exe 83DCC39B466EE0928918446A59C875D081729455FC477E605F29C9E88434EFE25303F81568E442996DC6BF30573DA19B58CE93C1B9330EF2189DDF9DB1BDE21A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:960
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
    1⤵
      PID:1668
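    The tree above shows the pattern worth hunting for: the submitted sample (PID 2512) writes a second 413KB binary with a .tmp extension into the same %TEMP% directory, spawns it with a `--ping` argument that names the parent's own image path, and the child (PID 960) is the one tagged "Deletes itself" and "Internet Connection Discovery". The following is an added detection example, not part of the sandbox report: it runs a small rule set over constructed process-creation records that mirror the three processes listed above. The record fields (`pid`, `ppid`, `image`, `cmdline`) and the parent PIDs for the two root processes are assumptions for illustration; the image paths and command lines are the ones shown in the tree.

```python
import re
from dataclasses import dataclass

# Matches an image path under a user's %TEMP% directory (case-insensitive).
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class ProcEvent:
    """Minimal process-creation record (field names are assumed, Sysmon-like)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def tmp_relaunch_findings(events):
    """Return [(pid, [reasons...])] for processes that look like the
    %TEMP% drop-and-relaunch handshake seen in the report's process tree.
    A process is reported when at least two indicators coincide, so a lone
    .tmp file or a lone %TEMP% parent is not enough on its own."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        reasons = []
        parent = by_pid.get(ev.ppid)
        image_l = ev.image.lower()
        cmd_l = ev.cmdline.lower()

        # 1. A file with a .tmp extension is being executed from %TEMP%.
        if TEMP_RE.search(ev.image) and image_l.endswith(".tmp"):
            reasons.append("executable with .tmp extension run from %TEMP%")

        # 2. The parent itself runs from %TEMP% (dropper and payload side by side).
        if parent is not None and TEMP_RE.search(parent.image):
            reasons.append("parent process also runs from %TEMP%")

        # 3. The child is told which file to "ping", and that file is its parent's
        #    image: the hand-off that precedes deleting the original binary.
        if "--ping" in cmd_l and parent is not None and parent.image.lower() in cmd_l:
            reasons.append("--ping argument names the parent image (self-delete hand-off)")

        if len(reasons) >= 2:
            findings.append((ev.pid, reasons))
    return findings


# Constructed records reproducing the report's process tree. ppid=0 marks a
# root process whose parent is not shown in the report (assumption).
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\2024-08-20_81cb9fabb35c070ce5ff4cc0eeaace4e_mafia.exe"
PAYLOAD = r"C:\Users\Admin\AppData\Local\Temp\AAB2.tmp"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

SAMPLE_EVENTS = [
    ProcEvent(2512, 0, DROPPER, f'"{DROPPER}"'),
    ProcEvent(960, 2512, PAYLOAD,
              f'"{PAYLOAD}" --ping{DROPPER} 83DCC39B466EE0928918446A59C875D0'),
    ProcEvent(1668, 0, EDGE,
              f'"{EDGE}" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService'),
]


def flagged_pids(events=SAMPLE_EVENTS):
    """Convenience wrapper: just the PIDs that tripped the rule set."""
    return [pid for pid, _ in tmp_relaunch_findings(events)]


if __name__ == "__main__":
    for pid, reasons in tmp_relaunch_findings(SAMPLE_EVENTS):
        print(f"PID {pid}:")
        for r in reasons:
            print(f"  - {r}")
```

Only PID 960 trips the rules: the dropper (2512) runs from %TEMP% but is a plain .exe with no %TEMP% parent, and the msedge.exe utility process (1668) matches nothing. Requiring two coinciding indicators keeps legitimate installers that stage a single file in %TEMP% from firing, while the `--ping <parent path>` hand-off alone is specific enough to be worth a lower-severity alert of its own if a team wants one.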

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\AAB2.tmp

      Filesize

      413KB

      MD5

      c40ec1f659ef4cea2f68927f9f94b23f

      SHA1

      4321876bb79d83608d17cf20aeef8d8a937da4cd

      SHA256

      fad6efa1c930d07f88190b1b7caeb23183789f5d27c4ea77e735b0bdd036aec0

      SHA512

      995a398a755594c5488ecd4fe7ea9ae7bdfa116ad7680907c23bca60b818ac65a5c6c0c2880c463e05f468ca36e219fa93b64a3ebb8f3b09f6fcce2f51d6bb11