d39e98ade8058a323ff38a9aafd0baeb911cd87c620504022c707a050aa27b42

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:45

Target

2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
Size

479KB
MD5

9d8b66881928c8638e2c1135cd319a19
SHA1

5b8485638008da85cc9227118269e339b2f392d6
SHA256

d39e98ade8058a323ff38a9aafd0baeb911cd87c620504022c707a050aa27b42
SHA512

9eb3a21e6fe7e8c0178a3441bcf8ce2971fa33e09dbe86d6dfd681f60967f3b69a262dfc71326a406c2325f4aa6ca56ff26bd1f0e00c4bf51ddaafde3032ee01
SSDEEP

12288:bO4rfItL8HARaXN36wy6s1+7w0jNDTYPodMnA+ShB75UO:bO4rQtGARaXNK9Ww0jN3Yw+fShBVUO

Score

7^/10

Deletes itself 1 IoCs

Processes:

E86C.tmp

pid process

2704 E86C.tmp
Executes dropped EXE 1 IoCs

Processes:

E86C.tmp

pid process

2704 E86C.tmp

pid	process
2704	E86C.tmp

pid	process
2704	E86C.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe

description	pid	process	target process
PID 3516 wrote to memory of 2704	3516	2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe	E86C.tmp
PID 3516 wrote to memory of 2704	3516	2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe	E86C.tmp
PID 3516 wrote to memory of 2704	3516	2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe	E86C.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_9d8b66881928c8638e2c1135cd319a19_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3516

C:\Users\Admin\AppData\Local\Temp\E86C.tmp

Filesize
479KB

MD5
be9537fb2669bfe476c4e91bb78af59e

SHA1
1b0e4be20dff8b9d269d576e4d04c0cfbf5e7ade

SHA256
47718796a0b4acb6d2eb834c29139cd52aee272e4ed1952289f3b9f81758343d

SHA512
bc6f71e09de3d00083dda37ef162a9591e6472bd284c4919de8b8ed8b094580de9d09518a4fbdfa6d4920b0f7f7dccd9a1cb77b052e6e0f646d1371ba82368a4

Download Submit