d4a5496b596ff6d160ee6756e320ab8bccf68bd2bd7cbdf085c68a52d2e39b3f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 01:31

Target

2024-01-27_cbfddd77264759b357a32c707d1826a2_mafia.exe
Size

428KB
MD5

cbfddd77264759b357a32c707d1826a2
SHA1

9ca973c349ce0b2f104b6790c27a2532fdd3c1b7
SHA256

d4a5496b596ff6d160ee6756e320ab8bccf68bd2bd7cbdf085c68a52d2e39b3f
SHA512

9327246ef46671bf3cd9bf244becf1410b246091708879251ad5a1ab3713916e5ccafeda7a1558fa19d8500db4b119a372665c14f8b222ba420f83e010d73222
SSDEEP

12288:Z594+AcL4tBekiuKzErin929Sov0KSnQufl:BL4tBekiuVrinoSBIuf

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2460	190C.tmp

Executes dropped EXE 1 IoCs

pid	Process
2460	190C.tmp

Loads dropped DLL 1 IoCs

pid	Process
1572	2024-01-27_cbfddd77264759b357a32c707d1826a2_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 2460	1572	2024-01-27_cbfddd77264759b357a32c707d1826a2_mafia.exe	28
PID 1572 wrote to memory of 2460	1572	2024-01-27_cbfddd77264759b357a32c707d1826a2_mafia.exe	28
PID 1572 wrote to memory of 2460	1572	2024-01-27_cbfddd77264759b357a32c707d1826a2_mafia.exe	28
PID 1572 wrote to memory of 2460	1572	2024-01-27_cbfddd77264759b357a32c707d1826a2_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\190C.tmp

Filesize
428KB

MD5
cc00479c56a6c5e9047681f366499d27

SHA1
92dd847ad38142b346e708141d81afe2ad9d955f

SHA256
a38b2f0f9cec2731a3272fa29572337e0a9d7c28a13ec9ffcbdcd2c9b6df5210

SHA512
941ff1cfa046a517ca92d73b1d8539a5ef3b430e2297489b1e55d03582855ef8e4342b8f2998309f88d6adff5ed74daedc5f4563faa3051cddcbe9d38edb7347

Download Submit