38eb17900b3672e865f6da2616bdcd1503bc7dbfb3e3c7f390cd941d75a5d6e1

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 13:26

Target

2024-01-27_2a3216b55e5485cbb1fcbc9d1e8a0293_mafia.exe
Size

414KB
MD5

2a3216b55e5485cbb1fcbc9d1e8a0293
SHA1

1c88aabcf090f01a7b82042fd28d95c305ef4e70
SHA256

38eb17900b3672e865f6da2616bdcd1503bc7dbfb3e3c7f390cd941d75a5d6e1
SHA512

3ac91042ce201b8413a40cb35a5c3bfc3e7e140a0df77d736d00a71e57ca1523e97a853a3216711f7b4663e2952f0065b27da4a0655e0c26817e68a872d719fd
SSDEEP

12288:Wq4w/ekieZgU6Sob28muG0kdvrquEfxol:Wq4w/ekieH6Sob2BrvrmfC

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1444	3D8.tmp

Executes dropped EXE 1 IoCs

pid	Process
1444	3D8.tmp

Loads dropped DLL 1 IoCs

pid	Process
2948	2024-01-27_2a3216b55e5485cbb1fcbc9d1e8a0293_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1444	2948	2024-01-27_2a3216b55e5485cbb1fcbc9d1e8a0293_mafia.exe	28
PID 2948 wrote to memory of 1444	2948	2024-01-27_2a3216b55e5485cbb1fcbc9d1e8a0293_mafia.exe	28
PID 2948 wrote to memory of 1444	2948	2024-01-27_2a3216b55e5485cbb1fcbc9d1e8a0293_mafia.exe	28
PID 2948 wrote to memory of 1444	2948	2024-01-27_2a3216b55e5485cbb1fcbc9d1e8a0293_mafia.exe	28

\Users\Admin\AppData\Local\Temp\3D8.tmp

Filesize
414KB

MD5
bfb51ed927731db208c07377cbb39114

SHA1
0b89ccedbddf8056a19862965e804532ae66b797

SHA256
26a9865c6c9133a9acc1e73f0df3d9a05eabcc9a1481371708bfcac06e1d52e2

SHA512
fc304a884f3ad3058c7c996406b8f2ae39f9f17e4a8bd40e744e67c1659860ec5e0788434cba2cd396693f7ddbaaebb27fe1068a2260f21ceec66cc456decae2

Download Submit