3eefb4938750266de5c1a379624bddfa527b3109593c1bb26512d3f6afeabc4f

Analysis

max time kernel
145s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 05:59

Target

2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe
Size

433KB
MD5

ae9782441e73888e9d70dc1d490b8396
SHA1

914550a72d359db6f4cfabd01e1d33bd811744ef
SHA256

3eefb4938750266de5c1a379624bddfa527b3109593c1bb26512d3f6afeabc4f
SHA512

66ebab1ce8df98b8ee93fc25a4c46f0ee17d386ca719fa6795145f3b7f9f9851e5c70e3f789ea07fd0e062592f375917eaf6231c3c0192a48273212df0ea6fa6
SSDEEP

12288:Ci4g+yU+0pAiv+8B7nXnksvzWsF4z6BrWT7n:Ci4gXn0pD+8lnlvzJCz6BrWTr

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3816	4A09.tmp

Executes dropped EXE 1 IoCs

pid	Process
3816	4A09.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 3816	2488	2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe	22
PID 2488 wrote to memory of 3816	2488	2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe	22
PID 2488 wrote to memory of 3816	2488	2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe	22

C:\Users\Admin\AppData\Local\Temp\2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\4A09.tmp
  "C:\Users\Admin\AppData\Local\Temp\4A09.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-09_ae9782441e73888e9d70dc1d490b8396_mafia.exe 518C83D198A9A8E67327393D23B6C250EF56194E894307FC27676CC944F2C2A7C9C43A056BFC61ED0963870CBAAC8D33859EB3CB4BCAD26F20AA11373756D11F
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3816