b44bd2193f4abb87d3ed04a56f1da78a51257b5063e7298b8b58325154d9f28e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:27

Target

2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe
Size

486KB
MD5

49391cacd3db9af1e71be0b61d9171fb
SHA1

a3c2346451f5326a96192e5fcde5a55d5a7f785e
SHA256

b44bd2193f4abb87d3ed04a56f1da78a51257b5063e7298b8b58325154d9f28e
SHA512

6fe0d1218a3bb7c167cfcfac19523b747362ef8f47cd4dabdcdbc0450b5b50185affe4a8ac251d97783535cba390d27d2b46b6294cf9e7a65c4c19b7b58b40e3
SSDEEP

12288:3O4rfItL8HPdn/4KTwgH6WpSn7aDQjmw7rKxUYXhW:3O4rQtGPdARgHS1D3KxUYXhW

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1904	B56.tmp

Executes dropped EXE 1 IoCs

pid	Process
1904	B56.tmp

Loads dropped DLL 1 IoCs

pid	Process
2080	2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1904	2080	2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe	19
PID 2080 wrote to memory of 1904	2080	2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe	19
PID 2080 wrote to memory of 1904	2080	2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe	19
PID 2080 wrote to memory of 1904	2080	2024-01-25_49391cacd3db9af1e71be0b61d9171fb_mafia.exe	19

C:\Users\Admin\AppData\Local\Temp\B56.tmp

Filesize
486KB

MD5
e8943e11d7a40b6d69c40484bf99faec

SHA1
b3cd71ac5b61104fa8960240c0db621fea4a7323

SHA256
a82c382aeeaabc09db9f5245bb9423faf61b0c34f53c18894872232723be3edf

SHA512
531d5e96e42c11c203ef321db4dad0ac3d888d0555e5b269a06b6ecdee2d5f3c6bf2bb5ce731352ae7df3e48f514bc5f05821cc5afb7b3f43c57a5dce1840212

Download Submit