0b1dbd53c6afadfef8d4b6df0cd102c17cf9448ed5defd369204ffbdb81ac186

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 00:32

Target

2024-02-04_9767cde46295b4931d113eb4c0299749_mafia.exe
Size

435KB
MD5

9767cde46295b4931d113eb4c0299749
SHA1

80a155cb673d7ef29e3facaef4db23b6a4f2a92b
SHA256

0b1dbd53c6afadfef8d4b6df0cd102c17cf9448ed5defd369204ffbdb81ac186
SHA512

905335446a68170bd3d6761f0d31af002a9361861f1ead098d36d3cfdb9811f681ab4551ab357dfce0d526c3f97e6d6e49fdaf025457665d080d77df8be6e378
SSDEEP

12288:9W4ufepiqKQ1mblnSQJ4YzVriXHkMnnRJ:9W4ufepiqhmph4YpWXl

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2960	445.tmp

Executes dropped EXE 1 IoCs

pid	Process
2960	445.tmp

Loads dropped DLL 1 IoCs

pid	Process
2360	2024-02-04_9767cde46295b4931d113eb4c0299749_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2960	2360	2024-02-04_9767cde46295b4931d113eb4c0299749_mafia.exe	28
PID 2360 wrote to memory of 2960	2360	2024-02-04_9767cde46295b4931d113eb4c0299749_mafia.exe	28
PID 2360 wrote to memory of 2960	2360	2024-02-04_9767cde46295b4931d113eb4c0299749_mafia.exe	28
PID 2360 wrote to memory of 2960	2360	2024-02-04_9767cde46295b4931d113eb4c0299749_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\445.tmp

Filesize
435KB

MD5
657370237669ca904fce6d8af96822d7

SHA1
df030f31f2fe8d64ea70616a93d132bf9253f26f

SHA256
3f99131bd5f5cb057598fe239ff448de32587309c2c84ec0b9688de5ea5a0df6

SHA512
bbc88a7bdc0a08711846e8c2cdd14daed6f8fe278e8f34310c967697305be4117ee4253d6eea58e7655f8e42ac994081a4abad682a3dea1f81966f81354fb1f7

Download Submit