0c5ab1de4e0d41f19c161e5d3644033984d972c428bd42e70aced26f28076a0d

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:51

Target

2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe
Size

479KB
MD5

d59ea4121ad9ec0c1c81f5ec74a26b91
SHA1

799d934e9ac4248c12654950e2ecbee697d6d6b0
SHA256

0c5ab1de4e0d41f19c161e5d3644033984d972c428bd42e70aced26f28076a0d
SHA512

9cf7fae830ec66952362281952d402529b37e78ac95fc2f57c977c040bc873db40cec59cf5bb90a1fcd88d7018970d9e979b0ccf34f680601706a04a041b7799
SSDEEP

12288:bO4rfItL8HAo2xcbh8mv8D+uU+fdF8OpmgF75UO:bO4rQtGATxct8mVL+fdaMVUO

Score

7^/10

Deletes itself 1 IoCs

Processes:

B2D5.tmp

pid process

4480 B2D5.tmp
Executes dropped EXE 1 IoCs

Processes:

B2D5.tmp

pid process

4480 B2D5.tmp

pid	process
4480	B2D5.tmp

pid	process
4480	B2D5.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe

description	pid	process	target process
PID 3148 wrote to memory of 4480	3148	2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe	B2D5.tmp
PID 3148 wrote to memory of 4480	3148	2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe	B2D5.tmp
PID 3148 wrote to memory of 4480	3148	2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe	B2D5.tmp

C:\Users\Admin\AppData\Local\Temp\2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d59ea4121ad9ec0c1c81f5ec74a26b91_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3148

C:\Users\Admin\AppData\Local\Temp\B2D5.tmp

Filesize
479KB

MD5
a73a51af7eeaf09563c90abf631662b5

SHA1
9dd7dcbe1ac4f71bd8b18e9dd1f57ac67899e1fa

SHA256
5052b0df4b50983b7b613a1c33b9ae83fc1bff16f0738982d989f5518b89364c

SHA512
021e42cdee216e10f2acc524875ff430840d7151c982e81989c9f101ebde42737b4b267c6ec6bc62790f360cdd7ee12b06af1963a7032f4bb873fac6cf5ef852

Download Submit