24592e26c4aab323bc2c8dcdf2c1d9905b1926ecfd4be0395800665306c1687e

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:50

Target

2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe
Size

414KB
MD5

cfba430e7c5fb9efa9253d4461c8cf65
SHA1

fee80a75bd40d8fa65c0a37431c0482e002a9eb6
SHA256

24592e26c4aab323bc2c8dcdf2c1d9905b1926ecfd4be0395800665306c1687e
SHA512

264a3427616cfe3817cebaa7756336adeaa24a640125960d2b5d291f7c9df060879ea2dd70a07a150414aec6c7bf1037011fc09fcff7da856187ef25a791f560
SSDEEP

12288:Wq4w/ekieZgU6ZoqwqFSheJsJHGZt/tuZAl:Wq4w/ekieH6HwIIsluy

Score

7^/10

Deletes itself 1 IoCs

Processes:

44F8.tmp

pid process

348 44F8.tmp
Executes dropped EXE 1 IoCs

Processes:

44F8.tmp

pid process

348 44F8.tmp

pid	process
348	44F8.tmp

pid	process
348	44F8.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe

description	pid	process	target process
PID 4696 wrote to memory of 348	4696	2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe	44F8.tmp
PID 4696 wrote to memory of 348	4696	2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe	44F8.tmp
PID 4696 wrote to memory of 348	4696	2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe	44F8.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_cfba430e7c5fb9efa9253d4461c8cf65_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4696

C:\Users\Admin\AppData\Local\Temp\44F8.tmp

Filesize
414KB

MD5
1c06c01bc0aa3ef6e760d3dd4cf79f12

SHA1
f1581603c88a22344ca1282c7465159fd9480139

SHA256
dda4ab8ea045cba786344f4d09667b94738bd73321f35a53d66c4c0fccc9456f

SHA512
07e370bc9fb120feebd729bf79e4396342c5b400c206bd0382a87e5b393191ccebc7c8b10faf4e3e259794ac7d7cff86c8a43b0adc987d7c6c943fc54dabc495

Download Submit