8724f7cb88d613a4fb184ca5e3d2ea051acb6018785668628cba33935c455dbd

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 14:23

Target

2024-01-28_1832d2847d0a7a5be3611ff636fb7f04_mafia.exe
Size

428KB
MD5

1832d2847d0a7a5be3611ff636fb7f04
SHA1

e6bf998f643af7565ad325488829cd965b8ce5f4
SHA256

8724f7cb88d613a4fb184ca5e3d2ea051acb6018785668628cba33935c455dbd
SHA512

967791ca15cb62b2e0120b92e31f6635cd688a45810600f0f1a11e6d005ba92706dc196bf228a9aa34ff7d01bce92d7b49d19b00d3db032ea8dbcd1d73ca6eb5
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFyGPSlEnwHhiGZ+0op2bMXjeW9waNeqHR:gZLolhNVyEZGKlEnqop2bMzD9wLqHR

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2420	5985.tmp

Executes dropped EXE 1 IoCs

pid	Process
2420	5985.tmp

Loads dropped DLL 1 IoCs

pid	Process
2968	2024-01-28_1832d2847d0a7a5be3611ff636fb7f04_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2420	2968	2024-01-28_1832d2847d0a7a5be3611ff636fb7f04_mafia.exe	28
PID 2968 wrote to memory of 2420	2968	2024-01-28_1832d2847d0a7a5be3611ff636fb7f04_mafia.exe	28
PID 2968 wrote to memory of 2420	2968	2024-01-28_1832d2847d0a7a5be3611ff636fb7f04_mafia.exe	28
PID 2968 wrote to memory of 2420	2968	2024-01-28_1832d2847d0a7a5be3611ff636fb7f04_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\5985.tmp

Filesize
428KB

MD5
7156bc20f4ff5d23541eb57df57bd05c

SHA1
f83087c4296d9f687166ca488c8d49e385beac08

SHA256
542035f177dc2c8e0795cfdb42ca6d844523d5a5d0ff76844d9bae21e299ee5a

SHA512
9aa07a17eba8ee567bee4fe3c453ea50972e03fb3bd1c609073ff224348b557ebb4e2738bd8ae6d3427340a5162b3da703cb652b528ed6599e55644d76b70178

Download Submit