050cd0c29701e02d176ce0368f16a497770660cff40facfbe80d426e01cfca12

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 11:39

Target

2024-01-27_b83a4e5722f5f917a9acfa2a586cb2f2_mafia.exe
Size

433KB
MD5

b83a4e5722f5f917a9acfa2a586cb2f2
SHA1

2e6e7b3b8fb892faccd597dc9367347763a4632d
SHA256

050cd0c29701e02d176ce0368f16a497770660cff40facfbe80d426e01cfca12
SHA512

647eb12a5f6bf92f264c0fc6ea29691fa5e060a1ede4488a90d7860e726fccc3c9781f2127a10415f7fe69fd971a9c9ac7ff9bd1bafd356ad179d2dc0ed8762d
SSDEEP

12288:Ci4g+yU+0pAiv+r4OsH28HBZtQ3rhISHAXFsiCbn:Ci4gXn0pD+r4OsWs2r7HAX8

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2992	37C3.tmp

Executes dropped EXE 1 IoCs

pid	Process
2992	37C3.tmp

Loads dropped DLL 1 IoCs

pid	Process
2228	2024-01-27_b83a4e5722f5f917a9acfa2a586cb2f2_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2992	2228	2024-01-27_b83a4e5722f5f917a9acfa2a586cb2f2_mafia.exe	28
PID 2228 wrote to memory of 2992	2228	2024-01-27_b83a4e5722f5f917a9acfa2a586cb2f2_mafia.exe	28
PID 2228 wrote to memory of 2992	2228	2024-01-27_b83a4e5722f5f917a9acfa2a586cb2f2_mafia.exe	28
PID 2228 wrote to memory of 2992	2228	2024-01-27_b83a4e5722f5f917a9acfa2a586cb2f2_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\37C3.tmp

Filesize
433KB

MD5
0b754eaf160977bb5a0940605246ef25

SHA1
38d9bb39e6fd0c68d629b3c486cfe7f955593ba7

SHA256
606e27629514e3823c395f90006df4693ae4e82818f8ead767ed9783b13e0112

SHA512
a3bbf094ae8c12208aa155405340f2fe64386c4456ef3bd782b690fc939fc14132047bb8b4306787ee3654295f477b1078a1b58e60a7ad115114082847f883e7

Download Submit