cf2a2a628d905213e6e1084011d87f093989ecc992d16f19c2b3c13bb964a62e

Analysis

max time kernel
92s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:30

Target

2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe
Size

414KB
MD5

d8d1dcb758ccd9175143a5b95316b953
SHA1

d30a11a544c6d608345c943989a1226b1a3b7550
SHA256

cf2a2a628d905213e6e1084011d87f093989ecc992d16f19c2b3c13bb964a62e
SHA512

7f1f872f49409e21692f479cb3862a6a4226f16d79fc70a421f1cf80287f2baa3409ff6a14afaeb672f84ee1fbd799169b7eae862ab8f1cfce11fd0d11742c68
SSDEEP

12288:Wq4w/ekieZgU6Vr10X4UwAYPnHTRcvA+Dlx:Wq4w/ekieH6oYPnzC4+Dr

Score

7^/10

Deletes itself 1 IoCs

Processes:

4A38.tmp

pid process

216 4A38.tmp
Executes dropped EXE 1 IoCs

Processes:

4A38.tmp

pid process

216 4A38.tmp

pid	process
216	4A38.tmp

pid	process
216	4A38.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe

description	pid	process	target process
PID 1648 wrote to memory of 216	1648	2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe	4A38.tmp
PID 1648 wrote to memory of 216	1648	2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe	4A38.tmp
PID 1648 wrote to memory of 216	1648	2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe	4A38.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d8d1dcb758ccd9175143a5b95316b953_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\4A38.tmp

Filesize
414KB

MD5
1e8699238f11c98f8a146b546834c963

SHA1
442bf4d4c7922edbc20f799f4f0c60c690d052d2

SHA256
10704c63bc9acc34186b4f437d68d779cbf8a90b51c11752a21de918e633f174

SHA512
13a0f836b2ab2ccf0565cf04ac329bc9ca81b596d84ea6b57898cd3fcbcf97fbf28565dbc3b5d7d8c2e1053da15f650ed4fae60f1d7c347d4c14e392aff5651d

Download Submit