15233b8e0e79b70a090a34cc88ae697a7abb342971ee821181a3123490eb585a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 15:24

Target

2024-01-24_645bfe7bf9ffcdf96045a30ffceb7049_mafia.exe
Size

444KB
MD5

645bfe7bf9ffcdf96045a30ffceb7049
SHA1

5b0fc30c9d14f60a4fb1fc194978bb28e1458aa5
SHA256

15233b8e0e79b70a090a34cc88ae697a7abb342971ee821181a3123490eb585a
SHA512

35bcce723f6659080da9c4854a7ec0958da88605cdf5bd88827bd6ae44505d25a1d09504e810192125519ba9825838c9acb55a8082a4544d8699fde6123df646
SSDEEP

12288:Nb4bZudi79L5qW7ntauFBz5a5gAU2wA4IFmeA:Nb4bcdkLpJLz05gpLIU

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2376	670D.tmp

Executes dropped EXE 1 IoCs

pid	Process
2376	670D.tmp

Loads dropped DLL 1 IoCs

pid	Process
3028	2024-01-24_645bfe7bf9ffcdf96045a30ffceb7049_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2376	3028	2024-01-24_645bfe7bf9ffcdf96045a30ffceb7049_mafia.exe	28
PID 3028 wrote to memory of 2376	3028	2024-01-24_645bfe7bf9ffcdf96045a30ffceb7049_mafia.exe	28
PID 3028 wrote to memory of 2376	3028	2024-01-24_645bfe7bf9ffcdf96045a30ffceb7049_mafia.exe	28
PID 3028 wrote to memory of 2376	3028	2024-01-24_645bfe7bf9ffcdf96045a30ffceb7049_mafia.exe	28

\Users\Admin\AppData\Local\Temp\670D.tmp

Filesize
444KB

MD5
a9c9dc6f43892e91ad9e9486be689ba3

SHA1
e1fa06074335a0bde36b8b233e888b2ed45351e5

SHA256
4208080593b17bf21d258c8210f05f676d3d272aa9be953278f37c775ef5b2f6

SHA512
9d8c13ed691ffdf85e5461bcdec6de84e91840da50a38e82f88c0aa03dfcd9ee47a119dfe4d57a9afc20effe5ed9d4495ac7d3bd73f8e24df29e7940817a7159

Download Submit