3b700349cbc4d267b6772b0d3c7ce232d68013a0868842c40e093a7c94b68b40

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:43

Target

2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe
Size

412KB
MD5

21310de8491318d13f60ab90a082e518
SHA1

8ac84cdefbfdb6d248b1ffee2d79386d64cc0ed2
SHA256

3b700349cbc4d267b6772b0d3c7ce232d68013a0868842c40e093a7c94b68b40
SHA512

5c07e8556d78d944cb873e33800df3581dc14fca1c4631239723663cf42c5c61d75cd6e1a8118a3169f6d3eb0861bf1c8c954904fa3dce9c635ba04cac47cd77
SSDEEP

12288:U6PCrIc9kph5MRjl7oXIxvJ+TRchwzNLV9/:U6QIcOh5Uj+TRc4N59

Score

7^/10

Deletes itself 1 IoCs

Processes:

4A59.tmp

pid	Process
2984	4A59.tmp

Executes dropped EXE 1 IoCs

Processes:

4A59.tmp

pid	Process
2984	4A59.tmp

Loads dropped DLL 1 IoCs

Processes:

2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe

pid	Process
1152	2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe

description	pid	Process	procid_target
PID 1152 wrote to memory of 2984	1152	2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe	28
PID 1152 wrote to memory of 2984	1152	2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe	28
PID 1152 wrote to memory of 2984	1152	2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe	28
PID 1152 wrote to memory of 2984	1152	2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\4A59.tmp

Filesize
412KB

MD5
7b5b4ad12fc6806ef276c61f8b515889

SHA1
59c47437cf595e24227430e12cb50658ac4b1464

SHA256
dc854423056ba42ab3c94e89b1c50852728e69e0d46740e96a2c93ad8d46d971

SHA512
c4d05cf590cbffbcee49b8a5a22f9281b2926a93e369419dc36883e4ef2ea39f7e979fc713cff52b48ca6b25cebe0c24decffd4445b2851a05edb64a6fed2851

Download Submit