8aa1094c5444c0a2f5c4aef417ae4e6bb4b015832f294ebbb1f1a46ae202689a

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 16:46

Target

2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe
Size

486KB
MD5

1ab5b951b6caf96586669d63ce1e110a
SHA1

e377533a1494c04a5985b7a66515cf8333e0f72c
SHA256

8aa1094c5444c0a2f5c4aef417ae4e6bb4b015832f294ebbb1f1a46ae202689a
SHA512

ad499c898d57fb921b4c2cee9044bf658c6ab915e6137ae320384ffd184ebe18310c32803f0bc31b328fcafa02be7a2b98d1be36806e70e01052093ffb0a4ba1
SSDEEP

12288:3O4rfItL8HP+GIyXMPtZrXjgBA7pMZV0BHKk7rKxUYXhW:3O4rQtGP+WXMTrTTm09Kk3KxUYXhW

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1968	A026.tmp

Executes dropped EXE 1 IoCs

pid	Process
1968	A026.tmp

Loads dropped DLL 1 IoCs

pid	Process
2220	2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1968	2220	2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe	28
PID 2220 wrote to memory of 1968	2220	2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe	28
PID 2220 wrote to memory of 1968	2220	2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe	28
PID 2220 wrote to memory of 1968	2220	2024-01-23_1ab5b951b6caf96586669d63ce1e110a_mafia.exe	28

\Users\Admin\AppData\Local\Temp\A026.tmp

Filesize
486KB

MD5
1673d05578a6b8920a056ecdd8069f1f

SHA1
2c109845475706396a13b49c9c402bab3a22c1e8

SHA256
2bd09fdf415851eb2edb6932d8c5ef9c0ca068d36c635382dfd349a9efbf1abc

SHA512
4f5815834a25dcd1b45483a7e7c616e7f9526d43aca28960fded374f163c6d03e42a4a92d8e1bf00662393daa858e60d2e6ccacb0536385e6911f6a2549b0484

Download Submit