00a52511a712ce1d70b22a9d994d3c37a5e18acdf019453f8539a3cf0b098551

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 12:28

Target

2024-01-25_4df14e7fa5a6dc3e677c6200fadff7de_mafia.exe
Size

443KB
MD5

4df14e7fa5a6dc3e677c6200fadff7de
SHA1

0f3e82a7e0ed4b03287397c8ad347c9259082fb9
SHA256

00a52511a712ce1d70b22a9d994d3c37a5e18acdf019453f8539a3cf0b098551
SHA512

b210f2562aa088b41cc1b6b61c78dcd82b4460fc1a73383f5659606dc7aa3247d1dac6e2ca72d54eb6553ecbdd292d7a86674223a4eb0e88bb8a20cf50bf0422
SSDEEP

12288:Wq4w/ekieZgU6kx5NkZL6iVDmSY/G4VlMa:Wq4w/ekieH62kZGi13YXP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2300	84A.tmp

Executes dropped EXE 1 IoCs

pid	Process
2300	84A.tmp

Loads dropped DLL 1 IoCs

pid	Process
2544	2024-01-25_4df14e7fa5a6dc3e677c6200fadff7de_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2300	2544	2024-01-25_4df14e7fa5a6dc3e677c6200fadff7de_mafia.exe	28
PID 2544 wrote to memory of 2300	2544	2024-01-25_4df14e7fa5a6dc3e677c6200fadff7de_mafia.exe	28
PID 2544 wrote to memory of 2300	2544	2024-01-25_4df14e7fa5a6dc3e677c6200fadff7de_mafia.exe	28
PID 2544 wrote to memory of 2300	2544	2024-01-25_4df14e7fa5a6dc3e677c6200fadff7de_mafia.exe	28

\Users\Admin\AppData\Local\Temp\84A.tmp

Filesize
443KB

MD5
07a45956601f749c651045151733766e

SHA1
d95fa195058b1584a408855ef8bdcbbb47c52a3c

SHA256
51f9de1d1cb90daffe39fec943265512a77a8e06a2d8398e3aaea693cae969f0

SHA512
4dc0838bdc4b5be56b5d08e727fa68863d5401eb9fd95e46345073291ad4c6ff5277c1c7553b5d2a9e540838c7f9c9600a5a3aa19ae53c1406b07b37f9720280

Download Submit