4bdfbe867c70423426fe46b02486dc2db7ea2914f4c62c28a5775c9a64985842

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:52

Target

2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe
Size

486KB
MD5

dada41e3335d946f7687f9fe4820e9d3
SHA1

dce7840f92630f464941aa26bf3c2b5be04eb7c6
SHA256

4bdfbe867c70423426fe46b02486dc2db7ea2914f4c62c28a5775c9a64985842
SHA512

47237b669e476f02a3c927fbf492e5f19fd2db035a311582c37d1ed91773f8acfdfce01374d30a098fcea434cec7ba2ff0491a0c4a5f4d71a92dab079efaadf0
SSDEEP

12288:3O4rfItL8HPS8KYSGNhSBQ99idWwp/CT7rKxUYXhW:3O4rQtGPS8KYSGNcRJs3KxUYXhW

Score

7^/10

Deletes itself 1 IoCs

Processes:

EA7F.tmp

pid process

872 EA7F.tmp
Executes dropped EXE 1 IoCs

Processes:

EA7F.tmp

pid process

872 EA7F.tmp

pid	process
872	EA7F.tmp

pid	process
872	EA7F.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe

description	pid	process	target process
PID 1388 wrote to memory of 872	1388	2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe	EA7F.tmp
PID 1388 wrote to memory of 872	1388	2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe	EA7F.tmp
PID 1388 wrote to memory of 872	1388	2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe	EA7F.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_dada41e3335d946f7687f9fe4820e9d3_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1388

C:\Users\Admin\AppData\Local\Temp\EA7F.tmp

Filesize
486KB

MD5
c52704b1c593ea83a3287bb134c8d329

SHA1
4fa256ef98844fa17886efe82c7171de951ff5e7

SHA256
7b09c78ddfe62da368d9007c0b6b4cd3bc58797ed008e7b282ebca49ee462aa6

SHA512
de2786dd9e4cc5554f78c3e67575249ebcf4c1b8cf3f44df12c2e83e2f77d5bb44eea865ed367da78746e634e249cac1cf61f3d9c47cdc6fc2f0ef624f45fc68

Download Submit