7d7b51f9e4ad6a2e7525a2b5ea7a081fc5a05091a38be2f9abc64ca65ab7f7b1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:36

Target

2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe
Size

384KB
MD5

b4715b39b9bfc74068291b3ee47d481e
SHA1

37057fc67738c9c453b71065e93f6dbba14cc8a7
SHA256

7d7b51f9e4ad6a2e7525a2b5ea7a081fc5a05091a38be2f9abc64ca65ab7f7b1
SHA512

6d83d2bc5fc9c17d431f67a4028adea1d4d4a3698757cec5b913ed86b2fc873bb1e13c4699aabecd2ea88934ff61e39e0bff134489af79101de5ab29e6117116
SSDEEP

6144:drxfv4co9ZL3GBGgjODxbf7hHWlCPjFIc7SNZIX2zxxEisZ0gZ:Zm48gODxbzclemMwxiisZ0gZ

Score

7^/10

Deletes itself 1 IoCs

Processes:

5BB.tmp

pid	Process
1676	5BB.tmp

Executes dropped EXE 1 IoCs

Processes:

5BB.tmp

pid	Process
1676	5BB.tmp

Loads dropped DLL 1 IoCs

Processes:

2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe

pid	Process
2340	2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe

description	pid	Process	procid_target
PID 2340 wrote to memory of 1676	2340	2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe	18
PID 2340 wrote to memory of 1676	2340	2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe	18
PID 2340 wrote to memory of 1676	2340	2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe	18
PID 2340 wrote to memory of 1676	2340	2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe	18

C:\Users\Admin\AppData\Local\Temp\5BB.tmp

Filesize
384KB

MD5
5744efe2b6b44961527d4e8625f847a3

SHA1
e26d79dbdeb2a9d554e0f84bf59b56fd9a9e7502

SHA256
5339e9b2747f6068ec73592e1fee8e80826e0d90b12176d42c0e4a74d929a131

SHA512
573cec3c473fb4fdb4de84e6b560eca275521e893f631bf48f46fb4d01db71b2a2c535b056f4929df2f0e73ff932af7c8b6cc8d7b8ef2187f39ebe6053330f86

Download Submit