23e3c36ca416c2d2531e74891aca0b128812c8e55e62c742381a0b5381c32a92

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 15:46

Target

2024-02-12_be2c2cba24d2f9ba9c54849bdfeed226_mafia.exe
Size

412KB
MD5

be2c2cba24d2f9ba9c54849bdfeed226
SHA1

767dfbc3201863efa7fb2c5f7ee3959840ee4597
SHA256

23e3c36ca416c2d2531e74891aca0b128812c8e55e62c742381a0b5381c32a92
SHA512

db2a9baa5dbddda2c56a48c58f50ac84c6362bf88ef0fda3f05d551578d48fd6aabd80d97d39ede404a2cde8717c2e1f7f0bb6aac56bc5288843043d82441646
SSDEEP

12288:U6PCrIc9kph5WVjq7T1JPQfHWQYTDtrs7i:U6QIcOh5OG7T1FBQYN

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2704	539C.tmp

Executes dropped EXE 1 IoCs

pid	Process
2704	539C.tmp

Loads dropped DLL 1 IoCs

pid	Process
2252	2024-02-12_be2c2cba24d2f9ba9c54849bdfeed226_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2704	2252	2024-02-12_be2c2cba24d2f9ba9c54849bdfeed226_mafia.exe	28
PID 2252 wrote to memory of 2704	2252	2024-02-12_be2c2cba24d2f9ba9c54849bdfeed226_mafia.exe	28
PID 2252 wrote to memory of 2704	2252	2024-02-12_be2c2cba24d2f9ba9c54849bdfeed226_mafia.exe	28
PID 2252 wrote to memory of 2704	2252	2024-02-12_be2c2cba24d2f9ba9c54849bdfeed226_mafia.exe	28

\Users\Admin\AppData\Local\Temp\539C.tmp

Filesize
412KB

MD5
a1358668b19c924d439c5f15939f4d66

SHA1
cba8b911f3b5001ee56418047066aa37ee685f9d

SHA256
2bf4ec10da129cc609f8ea7bb248c156b8d09baa6158398f2ba0b7aad2abcb11

SHA512
c2d856565a71282b593f2acd367c51b5f976df62d07ed32d870b56582d783b9cc983df3ef8e1e818293b9574fb4dc7dc1f5d48a2107789b5126a1435ab00a80e

Download Submit