Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 04:15

General

  • Target

    2024-10-12_7aba74a83ddec3c79fef0c3c6f29bf17_mafia.exe

  • Size

    428KB

  • MD5

    7aba74a83ddec3c79fef0c3c6f29bf17

  • SHA1

    73f189c89e7b543402291d200eb88fc97e9669b6

  • SHA256

    ffdefc02c00995f2d890167ca54c2e4f9f392ff3a1cef5d9b3f553007f00c5cc

  • SHA512

    84e719e04bd4469663b06f01d09ebfa5e188d5243b39b063713df20678750ba918d355cc2bcffc18973b0807e2919dd58f9e1d2d6c3399766ccb61e5cf76718a

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFTupbKQvEOoX5R/pY+4BOW4EsHQVVUkKbE6qHR:gZLolhNVyE3pb7tsRRYlAQorbjqHR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_7aba74a83ddec3c79fef0c3c6f29bf17_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_7aba74a83ddec3c79fef0c3c6f29bf17_mafia.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\46D0.tmp
      "C:\Users\Admin\AppData\Local\Temp\46D0.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-10-12_7aba74a83ddec3c79fef0c3c6f29bf17_mafia.exe 701E12AF822A39E2347C73AE2A92154BBE1A434DC8F4B2BFCA86822BF462B6A6C90FE8A0D35B88E44EC7B9C460C7C17B3D919DECB7500AF14B65243B95A0B145
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:2676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\46D0.tmp

    Filesize

    428KB

    MD5

    b275576a13b5f8e1727c5c1a25b11431

    SHA1

    e0687d09a2c4b221a5de6932a5916220a1c003e9

    SHA256

    ddcef909e2291eeaed2cac733ec43e1e3015cf164f575677bb49e351d51362f7

    SHA512

    cccbc6d270a18e2061e482df65ca3a90745656081a9fce5e10f83e84be39ace94766255835efbcdddcafd8728f2a0e4eeb95637c90ab6ca0d0a636873535ffd7