0fe2c4db428923f8183dd8b4ce4db6fd70ec795fb7d6e0486afd6006f778d8ce

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 21:24

Target

2024-01-23_581a3140b9216aab76af404675f510a1_mafia.exe
Size

468KB
MD5

581a3140b9216aab76af404675f510a1
SHA1

bd561a5e895aa23340fd0ec4ae8325f5bfc00736
SHA256

0fe2c4db428923f8183dd8b4ce4db6fd70ec795fb7d6e0486afd6006f778d8ce
SHA512

94c16b4dee5aa7a4a8268fecc580ba7617a96adb2cefda0ab87c44f9634cb63ed5ff5dab66be2a5de5623b59c480170b56712420c5e08bc15a7d9260962b9eb6
SSDEEP

12288:qO4rfItL8HG9hEpB6v12IQCzXSp4IkDgiumA7bWmeEVGL:qO4rQtGG9h669dQqXubiumAumeEVGL

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2400	47E9.tmp

Executes dropped EXE 1 IoCs

pid	Process
2400	47E9.tmp

Loads dropped DLL 1 IoCs

pid	Process
2120	2024-01-23_581a3140b9216aab76af404675f510a1_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2400	2120	2024-01-23_581a3140b9216aab76af404675f510a1_mafia.exe	28
PID 2120 wrote to memory of 2400	2120	2024-01-23_581a3140b9216aab76af404675f510a1_mafia.exe	28
PID 2120 wrote to memory of 2400	2120	2024-01-23_581a3140b9216aab76af404675f510a1_mafia.exe	28
PID 2120 wrote to memory of 2400	2120	2024-01-23_581a3140b9216aab76af404675f510a1_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\47E9.tmp

Filesize
468KB

MD5
23a897efd99a3746e88edb83455e783e

SHA1
d992b67a8eb7870da1e69b07b574d265834c43ae

SHA256
518734cdbaa228a1a3ddf9f1a7461a47d4fa50073cd57e793c6f78889f9d7f5f

SHA512
7240aa1bf12c9af765f49625e6bc1aeb55eebbfc5e043bd516f69174cdca5c21a68b5c6ad75d5426d272cc0314d1c1be1c734495700729d1613d3d74d2aa37e7

Download Submit